Unable to access Internet

11-28-2015, 03:34 PM   #1
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hi,
I am unable to access internet using my Dell XPS notebook with Windows 7. I did not have this issue until a couple of days ago. The Wireless Network Connection shows that it is connected, but there is a yellow triangle that indicates there is no internet access.
I believe it may be malware related, as my Malwarebytes alerted me to an issue: it had found issues and wanted me to restart the notebook.
I was able to restart and run a full scan using both Malwarebytes and Microsoft Security Essentials. It was not able to find any further virus or malware issues, but then I lost my internet connection. I have done multiple refreshes of the modem and router, and worked with Cox (ISP provider) over several hours to fix the issue.

I was looking for possible solutions online, and saw the post here for 'Fix Internet Connection after Malware Removal'. It is very well drafted, and the first part of the solution was similar to a lot of the steps I followed with Cox in diagnosis of the issue. I ran the reset.bat again but it also did not help. The second step, using Farbar Service Scanner, was new and I was hopeful this was the fix. However, after running the scanner, the file check did not find any missing drivers. Everything was digitally signed.

The Connection Status also seems like the same issue I have:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

I have also downloaded network drivers for Wireless and Bluetooth, but this did not fix the issue.

I am attaching the DDS.txt and Attach.txt files as requested.

Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.31.2
Run by BenhurL at 13:45:48 on 2015-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5552 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DVDFab Virtual Drive\vdrive.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iolo\System Mechanic Premium\LiveBoost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
mWinlogon: Userinit = userinit.exe,
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - <orphaned>
uRun: [DVDFab VDrive] "C:\Program Files\DVDFab Virtual Drive\vdrive.exe"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Amazon Music] "C:\Users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Google Update] "C:\Users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [BingSvc] C:\Users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup] <no file>
dRun: [GoogleChromeAutoLaunch_67136DC00006C313E0F9C2C91771871D] "C:\Users\BenhurL\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
StartupFolder: C:\Users\BenhurL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
TCP: NameServer =
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BCFD227-9C79-4DBC-B339-5F75D4BD61B4} : NameServer =
TCP: Interfaces\{71ABF0AD-1D6D-4A40-92CF-ED0CDD32DDDD} : NameServer =
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC} : NameServer =
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC}\348627F6D6563616374703639323 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{AAAFA921-740D-4AB1-8DCC-D923EE1ED911} : NameServer =
TCP: Interfaces\{AAAFA921-740D-4AB1-8DCC-D923EE1ED911} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{CCB23301-C487-4E5D-A82F-A1EDB8C49645} : NameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\ss-sup~1\assist~1.dll, c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [CTMasterOnOffMonitor] Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BenhurL\AppData\Roaming\Mozilla\Firefox\Profiles\lcecjq4j.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\BenhurL\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\BenhurL\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_aw_14_40_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1332878816&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_aw_14_40_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1332878816&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_aw_14_40_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1332878816&ir=&q=
FF - user.js: extensions.astrmndasr.id - 88532E3567FD593E
FF - user.js: extensions.astrmndasr.instlDay - 16342
FF - user.js: extensions.astrmndasr.vrsn -
FF - user.js: extensions.astrmndasr.vrsni -
FF - user.js: extensions.astrmndasr_i.vrsnTs - 13:10:26
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_aw_14_40_ie
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId -
FF - user.js: extensions.astrmndasr.instlRef - SPDY
FF - user.js: extensions.astrmndasr.dfltLng -
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 1332878816
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B
FF - user.js: extensions.astrmndasr.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-2-10 31376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-23 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-23 21616]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2014-9-1 90608]
R1 dvdfabio;dvdfabio;C:\Windows\System32\drivers\dvdfabio.sys [2013-11-18 9976]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-7-21 30752]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2015-2-10 299848]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2015-9-7 32912]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-12-4 148480]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-1-22 135824]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-22 1148744]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2015-5-28 4682552]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-8-8 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-8-8 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124568]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-22 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-22 19439944]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2015-5-22 83224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-23 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-2-10 410952]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-5 5419792]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-23 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD Smartware\WDBackupEngine.exe [2015-7-20 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-7-20 306552]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-23 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-23 176096]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-23 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-9-23 174168]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-8 24176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-23 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-23 181760]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-22 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-22 38048]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-9-23 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 vdrive;vdrive;C:\Windows\System32\drivers\vdrive.sys [2013-11-18 42232]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
S2 4b46e14a;GS-Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/11/18 17:02:51;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2013-4-3 247768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-16 136048]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-23 79360]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-16 136048]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-3-26 192072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-10 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-23 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-9-23 121960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-2 19456]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-9-23 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-2 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-23 98208]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-23 79360]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S4 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-1-3 5632]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-11-28 17:40:49 -------- d-----w- C:\Users\BenhurL\AppData\Local\Dell Edoc Viewer
2015-11-28 17:02:05 -------- d--h--w- C:\Windows\System32\WLANProfiles
2015-11-24 19:59:29 11138400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FCDFF77-949C-4BED-A1C3-360C09D29248}\mpengine.dll
2015-11-23 18:43:07 11138400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-21 03:11:24 -------- d-----w- C:\Users\BenhurL\AppData\Roaming\22405
2015-11-21 02:59:27 -------- d-----w- C:\Users\BenhurL\AppData\Roaming\20064
2015-11-04 19:53:52 -------- d-----w- C:\Users\BenhurL\AppData\Local\CEF
.
==================== Find3M ====================
.
2015-11-24 22:32:59 59 ----a-w- C:\Windows\wpd99.drv
2015-11-21 03:00:06 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-11-21 03:00:05 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:48:15.34 ===============
Attached Files
File Type: txt Attach.txt (78.7 KB, 19 views)
11-29-2015, 05:02 PM   #2
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hello,

As this is a thread replicated from the Windows 7 forum as advised, I'll include the latest post here to avoid confusion on process followed so far. Please advise on next steps.

Thank you.

---- from Microsoft 7 Thread-----

Hi, I've run the Microsofteasyfix20140.mini file as suggested. Unfortunately it did not resolve the issue. After reading through the process for running this manually, I noted that it seems to have some steps similar to those in the 'Reset.bat' file I have been running. So this did not resolve the issue.

With regard to the question on 'is Ethernet working', I am not really sure what this means. But I do see that I am connected to the network, and my wife's PC is able to access this same network. The only thing is that below the network name, the message 'No Internet Access' is noted.

The following is also my PC specs if this is needed for troubleshooting.

XPS L502X
Intel Core i7-2620M CPU @ 2.70 GHZ
Memory - 8.00 GB
64-bit Operating System
Windows 7 Home Premium edition

Please advise if I should continue posting to this thread or shift to the thread I created with the same title in the Virus/Trojan/Spyware Help forum.

Thank you again.
11-30-2015, 01:07 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

If necessary, download the tools to USB drive on another computer and transfer them to your desktop.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 09:18 AM   #4
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Thank you. I am currently running the AdwCleaner. But it seems to hang up on the process for Deleting Folders. It's been 30 minutes now. I plan to let it process for an hour. If it still hangs up, I will cancel and retry again, this time by minimizing the folders that it will delete. So I may have to run these a few times to cover all folders that it will delete. I will post all log files generated if I have to resort to this plan.
Benhurl is offline  
Old 11-30-2015, 12:02 PM   #5
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hi, the Deleting Folders function keeps hanging up. Can I just delete these files manually? I can save a copy of the list to Word, and then delete them manually instead. If not, please advise other action. Thanks.
Benhurl is offline  
Old 11-30-2015, 01:14 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Benhurl. You can do that, or just post the Scan log after running AdwCleaner, and we can script them out later using another tool. The log can be found at C:\AdwCleaner\AdwCleaner[S#].txt
chemist is offline  
Old 11-30-2015, 01:38 PM   #7
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Thank you. I am attaching the AdwCleaner Scan log. I will be manually deleting all these folders and files. And will then rerun AdwCleaner. I will also run the FRST program after this.
Attached Files
File Type: txt AdwCleaner[S6].txt (14.8 KB, 13 views)
Benhurl is offline  
Old 11-30-2015, 02:23 PM   #8
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hi, I manually deleted all the folders, and reran AdwCleaner. This time it ran the next processes until the 'Cleaning Web browsers' phase, and it is taking more than 15 minutes now. I will let it run another hour and see if it goes through. Thanks.
Benhurl is offline  
Old 11-30-2015, 04:01 PM   #9
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hi. I am attaching the AdwCleaner log when I had to cancel the process again, as the Clean Web Page has been running for over 1.5 hours already. I instead just manually deleted the remaining web pages available in the form.

I then ran the Farbar Recovery Scan Tool. I am also attaching both the FRST and Addition log files for this tool.

Please advise for next step.

Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by BenhurL (administrator) on BENHURL-PC (30-11-2015 14:54:32)
Running from C:\Users\BenhurL\Documents\Fix
Loaded Profiles: BenhurL (Available Profiles: BenhurL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent_x64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Premium\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd.) C:\Windows\System32\AMBSpiE.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Fengtao Software Inc.) C:\Program Files\DVDFab Virtual Drive\vdrive.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Google Inc.) C:\Users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(© 2015 Microsoft Corporation) C:\Users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Premium\LiveBoost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Smartware\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [CTMasterOnOffMonitor] => Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-04] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-18] (CyberLink Corp.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4538680 2015-08-15] (iolo technologies, LLC)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2010-11-01] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [DVDFab VDrive] => C:\Program Files\DVDFab Virtual Drive\vdrive.exe [364960 2013-11-06] (Fengtao Software Inc.)
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [Amazon Music] => C:\Users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [Google Update] => C:\Users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [MusicManager] => C:\Users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\Run: [BingSvc] => C:\Users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\MountPoints2: {689b0b60-23f2-11e3-8a6c-88532e3567fd} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\MountPoints2: {e59226eb-5c37-11e3-8d39-88532e3567fd} - G:\CMADownloader.exe
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_67136DC00006C313E0F9C2C91771871D] => C:\Users\BenhurL\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\Users\BenhurL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-08-13]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: 甿쬰ᆁ潔瑰ᦐɱɬጧ
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer]
Tcpip\..\Interfaces\{6BCFD227-9C79-4DBC-B339-5F75D4BD61B4}: [NameServer]
Tcpip\..\Interfaces\{71ABF0AD-1D6D-4A40-92CF-ED0CDD32DDDD}: [NameServer]
Tcpip\..\Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC}: [NameServer]
Tcpip\..\Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AAAFA921-740D-4AB1-8DCC-D923EE1ED911}: [NameServer]
Tcpip\..\Interfaces\{AAAFA921-740D-4AB1-8DCC-D923EE1ED911}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{CCB23301-C487-4E5D-A82F-A1EDB8C49645}: [NameServer]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {D13BE556-6F1B-4833-A6FD-DA503E5F43C0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtAyDyBtN1L2XzutAtFtCtBtFzyzytFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyE0A0EyByDtA0EtG0FtDyCyCtGyE0CtBtBtGzy0AtDzztGtDtA0DyDzyyDzytBtC0F0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Dzz0B0ByDyCzytGyE0EtD0DtGyEyByByBtG0Bzy0A0DtG0FtByC0A0ByCzzzytC0DyBtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDtBtD%26cr%3D87740431%26a%3Dwncy_rsprck_15_38%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {D13BE556-6F1B-4833-A6FD-DA503E5F43C0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D13BE556-6F1B-4833-A6FD-DA503E5F43C0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D13BE556-6F1B-4833-A6FD-DA503E5F43C0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019014962-3394342934-3349252320-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5CDF&PC=SL5C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019014962-3394342934-3349252320-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5CDF&PC=SL5C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019014962-3394342934-3349252320-1001 -> {1C6EAF83-2FD0-4C72-8887-F3F132302AAE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4019014962-3394342934-3349252320-1001 -> {950B9859-FBAD-43F3-8308-B9DDF603B699} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4019014962-3394342934-3349252320-1001 -> {D13BE556-6F1B-4833-A6FD-DA503E5F43C0} URL =
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

FireFox:
========
FF ProfilePath: C:\Users\BenhurL\AppData\Roaming\Mozilla\Firefox\Profiles\lcecjq4j.default
FF DefaultSearchEngine: Search Provided by Yahoo
FF SearchEngineOrder.1: Secure Search
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-23] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019014962-3394342934-3349252320-1001: @citrixonline.com/appdetectorplugin -> C:\Users\BenhurL\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-4019014962-3394342934-3349252320-1001: @tools.google.com/Google Update;version=3 -> C:\Users\BenhurL\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4019014962-3394342934-3349252320-1001: @tools.google.com/Google Update;version=9 -> C:\Users\BenhurL\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-26]
FF Extension: Bing Search - C:\Users\BenhurL\AppData\Roaming\Mozilla\Firefox\Profiles\lcecjq4j.default\Extensions\[email protected] [2015-10-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-09-23] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\BenhurL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\BenhurL\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-06-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\BenhurL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-07-17] (Two Pilots) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [247768 2013-04-03] (CyberLink)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-09-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-09-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-16] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-01] (Sensible Vision ) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S4 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2014-01-03] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S4 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-09-23] (Creative Labs) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 4b46e14a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\ss-sup~1\AssistantSvc.dll",service

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 archlp; C:\Windows\SysWow64\drivers\archlp.sys [161792 2009-02-06] ()
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [9976 2013-11-06] (Fengtao Software Inc.) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-05-29] (EldoS Corporation)
S1 FileDisk; no ImagePath
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2013-08-26] (Hauppauge, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299848 2015-02-05] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-28] (EldoS Corporation)
R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [42232 2013-11-06] (Fengtao Software Inc.) [File not signed]
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 14:53 - 2015-11-30 14:54 - 00000000 ____D C:\FRST
2015-11-30 12:59 - 2015-11-30 08:05 - 01736704 _____ C:\Users\BenhurL\Desktop\AdwCleaner.exe
2015-11-30 07:09 - 2015-11-30 14:46 - 00000000 ____D C:\AdwCleaner
2015-11-29 16:32 - 2015-11-29 17:28 - 52724248 _____ (iolo technologies, LLC ) C:\Users\BenhurL\Downloads\SystemMechanicPrem.exe
2015-11-28 13:48 - 2015-11-28 13:48 - 00080540 _____ C:\Users\BenhurL\Desktop\attach.txt
2015-11-28 13:48 - 2015-11-28 13:48 - 00028112 _____ C:\Users\BenhurL\Desktop\dds.txt
2015-11-28 09:40 - 2015-11-28 09:40 - 00000000 ____D C:\Users\BenhurL\AppData\Local\Dell Edoc Viewer
2015-11-28 09:12 - 2015-11-28 08:12 - 00000276 _____ C:\Users\BenhurL\Desktop\reset.bat
2015-11-28 09:05 - 2015-11-28 09:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2015-11-28 09:03 - 2015-11-28 09:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-11-28 09:02 - 2015-11-28 09:02 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2015-11-28 08:12 - 2015-11-28 08:12 - 00000276 _____ C:\Users\BenhurL\Downloads\reset.bat
2015-11-28 07:23 - 2015-11-30 14:54 - 00000000 ____D C:\Users\BenhurL\Documents\Fix
2015-11-27 08:44 - 2015-11-27 09:09 - 00000082 _____ C:\Users\BenhurL\Downloads\test.txt
2015-11-25 21:12 - 2015-11-25 21:12 - 00000020 _____ C:\Users\BenhurL\Downloads\ping.txt
2015-11-24 16:31 - 2015-11-24 16:31 - 00000017 _____ C:\Users\BenhurL\Downloads\target.txt
2015-11-20 19:11 - 2015-11-26 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 Nov 20 2015
2015-11-20 19:11 - 2015-11-20 19:11 - 00000000 ____D C:\Users\BenhurL\AppData\Roaming\22405
2015-11-20 19:02 - 2015-11-20 19:06 - 63323656 _____ (Fengtao Software Inc. ) C:\Users\BenhurL\Downloads\DVDFab9218.exe
2015-11-20 18:59 - 2015-11-20 18:59 - 00000000 ____D C:\Users\BenhurL\AppData\Roaming\20064
2015-11-11 18:50 - 2015-11-11 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-04 11:53 - 2015-11-04 11:53 - 00000000 ____D C:\Users\BenhurL\AppData\Local\CEF
2015-11-04 08:41 - 2015-11-04 08:41 - 00000028 _____ C:\Users\BenhurL\Downloads\jawbone 110415.txt
2015-10-31 20:58 - 2015-11-04 12:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 20:58 - 2015-10-31 20:58 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 14:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-11-30 14:52 - 2015-10-04 16:48 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-11-30 14:52 - 2013-12-04 19:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-30 14:52 - 2011-09-23 14:15 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-11-30 14:52 - 2011-09-23 14:07 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-11-30 14:50 - 2015-09-16 09:38 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-30 14:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 14:49 - 2011-09-23 15:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 14:46 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 14:46 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 14:43 - 2015-09-16 09:38 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-30 13:01 - 2013-07-21 20:23 - 00000000 ____D C:\Users\BenhurL
2015-11-30 12:50 - 2013-07-21 20:26 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-11-30 12:49 - 2013-07-26 09:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-11-30 12:49 - 2013-07-21 20:26 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-11-30 12:37 - 2009-07-13 21:13 - 00796934 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 12:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-11-29 19:33 - 2015-09-16 12:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019014962-3394342934-3349252320-1001UA1d0f0bb3656c58e.job
2015-11-29 16:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-29 16:35 - 2015-05-22 10:50 - 00000000 ____D C:\ProgramData\iolo
2015-11-29 16:33 - 2015-09-07 19:56 - 00001463 _____ C:\Users\Public\Desktop\System Mechanic Premium.lnk
2015-11-29 16:33 - 2015-05-26 20:51 - 00003134 _____ C:\Windows\System32\Tasks\iolo Process Governor
2015-11-29 16:33 - 2015-05-22 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Premium
2015-11-29 16:33 - 2013-07-22 11:33 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-11-29 16:33 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2015-11-29 15:47 - 2013-10-25 21:36 - 00000000 ____D C:\Users\BenhurL\AppData\Local\ElevatedDiagnostics
2015-11-28 09:41 - 2013-07-21 21:24 - 00000000 ____D C:\ProgramData\PCDr
2015-11-28 09:08 - 2011-09-23 15:33 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-28 09:05 - 2011-09-23 13:53 - 00000000 ____D C:\Program Files\Intel
2015-11-28 09:02 - 2011-09-23 13:55 - 00000000 ____D C:\ProgramData\Intel
2015-11-27 15:07 - 2011-09-23 14:39 - 00000000 ____D C:\ProgramData\Sonic
2015-11-27 15:05 - 2014-10-10 08:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfe4a71441c761.job
2015-11-27 09:07 - 2015-09-17 07:07 - 00000153 _____ C:\ADRInfos.xml
2015-11-26 12:18 - 2013-07-21 20:57 - 00000000 ____D C:\Users\BenhurL\AppData\Local\DVD Profiler
2015-11-26 09:39 - 2015-04-04 22:50 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-26 09:39 - 2014-09-01 16:14 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-26 09:39 - 2013-07-26 21:24 - 00000000 ____D C:\Users\BenhurL\AppData\Local\ApplicationHistory
2015-11-26 09:39 - 2013-07-23 17:56 - 00000000 ____D C:\ProgramData\pdf995
2015-11-26 09:39 - 2013-07-21 21:23 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-11-26 09:39 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-26 09:39 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-26 04:31 - 2014-12-11 15:31 - 00000000 ____D C:\ProgramData\mhlmpjbmhnolmfnkbgahpobaidjoeopn
2015-11-26 04:29 - 2014-01-01 22:09 - 00000000 ____D C:\Program Files (x86)\Ss-Supporter
2015-11-25 13:11 - 2015-09-16 12:06 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019014962-3394342934-3349252320-1001Core1d0f0bb363c113a.job
2015-11-25 09:18 - 2013-07-21 21:32 - 00000000 ____D C:\Users\BenhurL\Documents\My TiVo Recordings for Portables
2015-11-25 08:23 - 2015-06-18 07:14 - 00000000 ____D C:\Users\BenhurL\AppData\Local\Dropbox
2015-11-24 19:03 - 2013-07-22 18:50 - 00000000 ___RD C:\Users\BenhurL\Documents\My TiVo Recordings
2015-11-24 14:32 - 2013-07-23 17:56 - 00000059 _____ C:\Windows\wpd99.drv
2015-11-21 21:33 - 2013-07-21 20:45 - 00000000 ____D C:\Users\BenhurL\Documents\DVD Profiler
2015-11-20 19:11 - 2014-03-07 16:03 - 00001001 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2015-11-20 19:00 - 2013-07-22 19:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-20 19:00 - 2011-09-23 13:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-20 18:55 - 2013-07-21 20:26 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-11-20 08:15 - 2013-07-21 20:26 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-12 10:04 - 2015-10-10 09:05 - 00000000 ____D C:\Users\BenhurL\Documents\Canon
2015-11-11 18:50 - 2015-09-16 09:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-09 09:56 - 2014-01-22 13:27 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-11-09 09:36 - 2013-07-21 21:24 - 00000000 ____D C:\ProgramData\EPSON
2015-11-06 12:25 - 2014-03-07 16:03 - 00000000 ____D C:\Users\BenhurL\Documents\DVDFab9
2015-11-06 08:11 - 2009-07-13 21:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-05 15:57 - 2013-07-21 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-05 15:55 - 2013-07-23 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-11-05 13:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-05 10:35 - 2011-09-23 14:34 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-04 12:01 - 2014-01-07 11:33 - 00071903 _____ C:\Users\BenhurL\Downloads\Thai Spice Menu.pdf
2015-11-04 11:53 - 2014-08-20 07:45 - 00000000 ____D C:\Users\BenhurL\AppData\Local\Adobe
2015-10-31 20:59 - 2015-06-10 09:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 20:58 - 2011-09-23 14:07 - 00000000 ____D C:\ProgramData\Adobe
2015-10-31 20:58 - 2011-09-23 14:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-31 17:22 - 2014-09-06 18:37 - 00000000 ____D C:\Users\BenhurL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-10-31 17:22 - 2013-12-04 15:15 - 00001294 _____ C:\Users\BenhurL\Desktop\CopyTrans Control Center.lnk

==================== Files in the root of some directories =======

2015-08-06 11:58 - 2015-08-06 11:58 - 0000079 _____ () C:\Program Files\prefs.js
2015-02-04 14:07 - 2015-07-31 08:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-08-03 07:20 - 2015-08-06 08:54 - 0000020 _____ () C:\Users\BenhurL\AppData\Roaming\appdataFr2.bin
2015-09-19 09:08 - 2015-09-19 09:08 - 0000098 _____ () C:\Users\BenhurL\AppData\Roaming\settings.xml
2014-04-02 16:22 - 2014-04-02 16:22 - 0003584 _____ () C:\Users\BenhurL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-22 08:31 - 2011-10-22 08:31 - 0001549 _____ () C:\Users\BenhurL\AppData\Local\PDLSetup.20111022.093115.txt
2013-08-02 07:49 - 2013-08-02 07:51 - 0007620 _____ () C:\Users\BenhurL\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\BenhurL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7h97ly.dll
C:\Users\BenhurL\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 12:20

==================== End of FRST.txt ============================
Attached Files
File Type: txt AdwCleaner[C8].txt (9.0 KB, 17 views)
File Type: txt FRST.txt (42.8 KB, 13 views)
File Type: txt Addition.txt (60.2 KB, 16 views)
Benhurl is offline  
Old 11-30-2015, 06:50 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Benhurl. You're very welcome.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

iolo technologies System Mechanic

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling iolo technologies System Mechanic via Programs and Features in your Control Panel.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    
    Task: {0298A0CC-290A-495C-AE33-7C307CBBC7D9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {08725356-89B0-4F28-9981-D337CD1337F4} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {F0D5F01D-74EC-4AB7-A38A-670AB95F29DC} - System32\Tasks\{42C9C597-03EA-4A76-AD6F-51349A6E839F} => pcalua.exe -a C:\Users\BenhurL\AppData\Local\Temp\dlm47EE.tmp\MapSource_6163.exe -d C:\Users\BenhurL\Downloads
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    HKLM-x32\...\Run: [FAStartup] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\MountPoints2: {689b0b60-23f2-11e3-8a6c-88532e3567fd} - E:\unlock.exe autoplay=true
    HKU\S-1-5-21-4019014962-3394342934-3349252320-1001\...\MountPoints2: {e59226eb-5c37-11e3-8d39-88532e3567fd} - G:\CMADownloader.exe
    HKU\S-1-5-18\...\Run: [] => 0
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4019014962-3394342934-3349252320-1001 -> {D13BE556-6F1B-4833-A6FD-DA503E5F43C0} URL =
    BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
    FF SearchEngineOrder.1: Secure Search
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    S2 4b46e14a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\ss-sup~1\AssistantSvc.dll",service
    c:\progra~2\ss-sup~1
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
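As an added illustration (not part of the original post, and not FRST's or the helper's own logic), the Python sketch below parses service lines in the format of the FRST log earlier in this thread and lists simple triage signals for each entry. The signal names and the choice of checks are assumptions made for this example; the four sample lines are copied from the log above, including the one service entry the fixlist removes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Four lines copied from the "Services" section of the FRST log in this thread.
SAMPLE = r"""
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S2 4b46e14a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\ss-sup~1\AssistantSvc.dll",service
"""

# <state letter><start type digit> <service name>; <image path and optional file details>
# The digit is the Windows service start type (2 = automatic, 4 = disabled).
LINE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
# File details as they appear in the log: " [size date] (publisher)"
META_RE = re.compile(r"\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s\((?P<publisher>.*?)\)")


@dataclass
class Service:
    state: str                 # R, S or U as printed in the log
    start: int                 # start type digit
    name: str
    image: str                 # everything before the file details
    publisher: Optional[str]   # None when the line carries no file details
    unsigned: bool             # line ends with "[File not signed]"


def parse_service(line: str) -> Optional[Service]:
    """Parse one service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    meta = META_RE.search(rest)
    image = (rest[:meta.start()] if meta else rest).strip()
    publisher = meta["publisher"].strip() if meta else None
    return Service(m["state"], int(m["start"]), m["name"].strip(), image,
                   publisher, rest.rstrip().endswith("[File not signed]"))


def triage(svc: Service) -> List[str]:
    """Return the example's heuristic signals for one service (assumed checks)."""
    reasons = []
    image = svc.image.lower()
    if "rundll32.exe" in image:
        reasons.append("dll-via-rundll32")      # service body is a DLL run through rundll32
    if re.search(r"~\d", image):
        reasons.append("8.3-short-path")        # short names hide the real folder name
    if re.fullmatch(r"[0-9a-f]{8}", svc.name.lower()):
        reasons.append("hex-service-name")      # name looks generated, not descriptive
    if svc.publisher is None:
        reasons.append("no-file-metadata")      # no size, date or publisher on the line
    elif svc.publisher == "":
        reasons.append("empty-publisher")
    if svc.unsigned:
        reasons.append("unsigned")
    return reasons


def review(log_text: str) -> List[Tuple[str, List[str]]]:
    """Parse every service line and order the results, most signals first."""
    results = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is not None:
            results.append((svc.name, triage(svc)))
    return sorted(results, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, reasons in review(SAMPLE):
        print(f"{name:22} {', '.join(reasons) or 'no signals'}")
```

A single signal such as `unsigned` is common on legitimate software, as the Malwarebytes line shows, so the output is a reading order for a human analyst rather than a verdict.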
Old 11-30-2015, 08:07 PM   #11

Hi, I have done the following:
1. Created a System Repair Disk.
2. Backed up some specific files.
3. Uninstalled Iolo System Mechanic.
4. Copied fixlist.txt to the Dell Notebook in the same directory as FRST64.exe.
5. Ran the FRST64.exe > Fix process.
I have attached the Fixlog.txt file as instructed. Please advise on next step. Thank you once again.
Attached Files
File Type: txt Fixlog.txt (8.8 KB, 12 views)
Benhurl is offline  
Old 12-01-2015, 04:25 AM   #12

Hello again, Benhurl. You're very welcome. Are you still unable to connect to the internet?

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 12-01-2015, 07:29 AM   #13

Hi, I am running the Combofix, and I am getting the following error message:
Exception EAccess Violation in module ERUNT.3XE at 00000362. Access violation at address 00403A62 in module 'ERUNT.EXE. Read of address 0069005C.
Is this normal?
Benhurl is offline  
Old 12-01-2015, 07:50 AM   #14

Hi, the Combofix program completed despite the error message I noted in my previous post. I've attached the combofix.log here. Please advise on the next step. Thank you again.

ComboFix 15-11-30.01 - BenhurL 12/01/2015 6:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5482 [GMT -8:00]
Running from: c:\users\BenhurL\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\videoplugin
c:\program files (x86)\videoplugin\VideoPlugin.dat
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\BenhurL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmn92ni.dll
c:\users\BenhurL\GoToAssistDownloadHelper.exe
c:\windows\SysWOW64mfc45.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-11-01 to 2015-12-01 )))))))))))))))))))))))))))))))
.
.
2015-12-01 14:36 . 2015-12-01 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-30 22:53 . 2015-12-01 03:02 -------- d-----w- C:\FRST
2015-11-30 15:09 . 2015-11-30 22:46 -------- d-----w- C:\AdwCleaner
2015-11-28 17:40 . 2015-11-28 17:40 -------- d-----w- c:\users\BenhurL\AppData\Local\Dell Edoc Viewer
2015-11-28 17:02 . 2015-11-28 17:02 -------- d--h--w- c:\windows\system32\WLANProfiles
2015-11-24 19:59 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FCDFF77-949C-4BED-A1C3-360C09D29248}\mpengine.dll
2015-11-23 18:43 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-21 03:11 . 2015-11-21 03:11 -------- d-----w- c:\users\BenhurL\AppData\Roaming\22405
2015-11-21 02:59 . 2015-11-21 02:59 -------- d-----w- c:\users\BenhurL\AppData\Roaming\20064
2015-11-04 19:53 . 2015-11-04 19:53 -------- d-----w- c:\users\BenhurL\AppData\Local\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-21 03:00 . 2013-07-23 03:09 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-21 03:00 . 2011-09-23 21:42 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-06 19:58 . 2015-08-06 19:58 79 ----a-w- c:\program files\prefs.js
2015-07-31 16:54 . 2015-02-04 22:07 79 ----a-w- c:\program files (x86)\prefs.js
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDFab VDrive"="c:\program files\DVDFab Virtual Drive\vdrive.exe" [2013-11-06 364960]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2011-11-26 2699344]
"Amazon Music"="c:\users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-07-06 5886784]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
"MusicManager"="c:\users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-08-13 7646208]
"BingSvc"="c:\users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-12 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-21 5564784]
"CLMLServer_For_P2G8"="c:\program files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe" [2013-08-05 111576]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2013-08-19 490760]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2015-11-04 36713096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_67136DC00006C313E0F9C2C91771871D"="c:\users\BenhurL\AppData\Local\Chromium\Application\chrome.exe" [2015-08-11 667136]
.
c:\users\BenhurL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ?????????
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/11/18 17:02;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 hcwhdpvr;Hauppauge HD PVR Capture Service;c:\windows\system32\DRIVERS\hcwhdpvr.sys;c:\windows\SYSNATIVE\DRIVERS\hcwhdpvr.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dvdfabio;dvdfabio;c:\windows\system32\drivers\dvdfabio.sys;c:\windows\SYSNATIVE\drivers\dvdfabio.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys;c:\windows\SYSNATIVE\DRIVERS\vdrive.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 15:45 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 03:00]
.
2015-12-01 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-16 17:38]
.
2015-12-01 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-16 17:38]
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019014962-3394342934-3349252320-1001Core1cfd1fd9a953eeb.job
- c:\users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-31 20:22]
.
2015-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019014962-3394342934-3349252320-1001Core1d0f0bb363c113a.job
- c:\users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-31 20:22]
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019014962-3394342934-3349252320-1001UA1cef2047e4b90b8.job
- c:\users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-31 20:22]
.
2015-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4019014962-3394342934-3349252320-1001UA1d0f0bb3656c58e.job
- c:\users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-31 20:22]
.
2015-11-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2015-11-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 236352 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTMasterOnOffMonitor"="CTMWatch.dll StartCTMasterOnOffWatch" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-16 2462536]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-10-16 2800296]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/
mStart Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BenhurL\AppData\Roaming\Mozilla\Firefox\Profiles\lcecjq4j.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-12-01 06:46:10 - machine was rebooted
ComboFix-quarantined-files.txt 2015-12-01 14:46
.
Pre-Run: 108,892,434,432 bytes free
Post-Run: 108,453,421,056 bytes free
.
- - End Of File - - 6ECE270D5760D23A6DE017DA51F07392
Attached Files
File Type: txt ComboFix.txt (35.9 KB, 12 views)
Benhurl is offline  
Old 12-01-2015, 01:00 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Benhurl. You're very welcome.

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------
  • Download the Complete Internet Repair and save it to your desktop.
  • Double-click comintrep.exe and extract the files to your desktop.
  • Open the Complete Internet Repair folder and double-click CIntRep.exe.
  • Check the boxes next to Reset Internet Protocol (TCP/IP), Renew Internet Connections, and Flush DNS Resolver Cache, then click Go!
  • You will be prompted to reboot your computer.
  • Once restarted, open the CIntRep.log log in the Logging folder inside the Complete Internet Repair folder and post the contents in your next reply.
------------------------------------------------------

Are you able to connect now?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-01-2015, 01:18 PM   #16
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hi, I ran the Complete Internet tool with the suggested parameters, and then rebooted. Unfortunately, I still cannot access the internet, with the same error message: No internet access. Below is the log file for comintrep_2103.

Please advise on next step. Thank you.


./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[01/12/2015 12:09:42] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] TCP/IP interfaces reset successful.
[01/12/2015 12:09:44] TCP/IP v6 interfaces reset successful.
[01/12/2015 12:09:44] You may need to restart your computer for the settings to take effect.
[01/12/2015 12:09:44] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:48] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Windows Event Log Service Configured.
[01/12/2015 12:09:49] Starting the Windows Event Log Service.....
[01/12/2015 12:09:49] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Successfully flushed DNS Resolver Cache.
[01/12/2015 12:09:49] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[01/12/2015 12:09:55] Registration of the DNS resource records has been initiated.
[01/12/2015 12:09:55] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[01/12/2015 12:09:55] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:55] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:59] Your computer is restarting now.....
-----------------------------------------------------------------------------------------
Benhurl is offline  
Old 12-01-2015, 01:27 PM   #17
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hello, I was looking at the files available for Comintrep_2013. I noticed there is also a ComIntRep_x64.exe file. Should I try that instead? Would it matter? Thanks.
Benhurl is offline  
Old 12-01-2015, 06:29 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Benhurl. Yeah, sorry about that, I meant ComIntRep_x64.exe, but I'm not sure if it will make a difference.

Also, my instructions were a little outdated, so sorry for that.

Try ComIntRep_x64.exe, and this time also include Flush DNS Resolver Cache.

Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-01-2015, 06:56 PM   #19
Registered Member
 
Join Date: Nov 2015
Posts: 59
OS: Windows 7



Hi, I ran ComIntRep_x64.exe. The Flush DNS Resolver Cache was already included in your previous message. However, this did not resolve the issue either. I am including here the log generated.

Please advise on next step. I really hope we can resolve this next week as I have the trip this weekend where I'll need this notebook. Thanks.


./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[01/12/2015 12:09:42] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] TCP/IP interfaces reset successful.
[01/12/2015 12:09:44] TCP/IP v6 interfaces reset successful.
[01/12/2015 12:09:44] You may need to restart your computer for the settings to take effect.
[01/12/2015 12:09:44] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:44] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:48] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Windows Event Log Service Configured.
[01/12/2015 12:09:49] Starting the Windows Event Log Service.....
[01/12/2015 12:09:49] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:49] Successfully flushed DNS Resolver Cache.
[01/12/2015 12:09:49] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[01/12/2015 12:09:55] Registration of the DNS resource records has been initiated.
[01/12/2015 12:09:55] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[01/12/2015 12:09:55] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:55] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[01/12/2015 12:09:59] Your computer is restarting now.....
-----------------------------------------------------------------------------------------

./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[01/12/2015 17:50:26] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:28] TCP/IP interfaces reset successful.
[01/12/2015 17:50:29] TCP/IP v6 interfaces reset successful.
[01/12/2015 17:50:29] You may need to restart your computer for the settings to take effect.
[01/12/2015 17:50:29] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:29] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:29] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:29] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:33] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:33] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:33] Windows Event Log Service Configured.
[01/12/2015 17:50:33] Starting the Windows Event Log Service.....
[01/12/2015 17:50:33] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:33] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:33] Successfully flushed DNS Resolver Cache.
[01/12/2015 17:50:33] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[01/12/2015 17:50:39] Registration of the DNS resource records has been initiated.
[01/12/2015 17:50:39] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[01/12/2015 17:50:39] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:40] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[01/12/2015 17:50:45] Your computer is restarting now.....
-----------------------------------------------------------------------------------------
Benhurl is offline  
Old 12-01-2015, 07:06 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Sorry again, I meant include Repair Winsock (Reset Catalog). If still no joy, you will have to seek help in our Networking Forum.
chemist is offline  
 
