Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Malware/Virus Check After Windows 10 Upgrade

This is a discussion on Malware/Virus Check After Windows 10 Upgrade within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. I did the Windows Upgrade and as I was playing around with the new OS found my java was out


Closed Thread
 
Thread Tools Search this Thread
Old 09-03-2016, 11:33 AM   #1
Registered Member
 
Join Date: Jul 2015
Posts: 21
OS: Windows 7 Professional



I did the Windows Upgrade and as I was playing around with the new OS found my java was out dated and I think I installed a bad file instead of the real one. Can you please take a look and see what kinds of malware/junk programs I have DL'ed? I know for sure Chromium is one of them


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.545 BrowserJavaVersion: 11.101.2
Run by Vicki at 14:27:25 on 2016-09-03
Microsoft Windows 10 Pro 10.0.10586.0.1252.1.1033.18.8130.5560 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Windows\system32\mfevtps.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Vicki\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ByteFence\ByteFence.exe
C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
c:\PROGRA~1\mcafee\vul\mcvulctr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
uSearch Bar = Preserve
mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
uRun: [Spotify Web Helper] "C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Dropbox Update] "C:\Users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [OneDrive] "C:\Users\Vicki\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Chromium] "c:\users\vicki\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Vicki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1daff43e-db8f-4fce-bae5-55801f2b8a01} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.1 mssplus.mcafee.com
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\84hxwpfw.default-1437948450356\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
FF - prefs.js: keyword.URL - true
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-30 1593632]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2015-2-17 846080]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2015-2-17 245096]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\WINDOWS\System32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [2015-7-19 162392]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-8-1 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2016-7-27 936728]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2014-3-30 240584]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 453520]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-30 169432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-8-25 163592]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2015-7-19 863448]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 453520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [2016-2-23 1696712]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 453520]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 453520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 453520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 453520]
R2 McPvDrv;McPvDrv Driver;C:\WINDOWS\System32\drivers\McPvDrv.sys [2016-2-29 76064]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-7-19 380896]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [2015-7-19 131144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-30 16939296]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-2-29 902112]
R2 rtop;rtop;C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [2016-8-15 254280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-7-31 410768]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-6-18 5702416]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2015-2-17 79248]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-7-26 25816]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2015-2-17 419624]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2015-2-17 351144]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2015-7-19 234192]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2015-2-17 496368]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2015-11-20 539496]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-8-25 46240]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2015-7-19 275368]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-3-30 39200]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2016-7-27 83096]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-7-16 145528]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-26 1133880]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 Andbus;LGE Android Platform Composite USB Device;C:\WINDOWS\System32\drivers\lgandbus64.sys [2016-5-30 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\WINDOWS\System32\drivers\lganddiag64.sys [2016-5-30 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\WINDOWS\System32\drivers\lgandgps64.sys [2016-5-30 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\WINDOWS\System32\drivers\lgandmodem64.sys [2016-5-30 34304]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-7-16 433784]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-7-16 413304]
S3 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-7-16 831096]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-4-27 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2015-7-19 207208]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-7-26 63704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [2016-7-19 327944]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2015-11-20 109480]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-10-30 108032]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-8-1 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-8-1 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-8-1 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-8-1 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-4-27 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-8-1 26112]
S4 AppApcVerifier;AppVerifier APC; [x]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2016-09-03 18:13:57 11847048 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A38C67C-417F-4173-BF69-FE859EBF9C9C}\mpengine.dll
2016-09-02 01:45:56 11847048 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-09-02 01:45:55 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D26A00B-0810-4679-B9B2-A57EA6E286DD}\gapaengine.dll
2016-08-31 01:43:15 -------- d-----w- C:\Program Files (x86)\Trend Micro
2016-08-31 01:31:57 316168 ----a-w- C:\WINDOWS\System32\drivers\tmcomm.sys
2016-08-25 00:07:58 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B357B22-C4B2-4DCC-B398-BD172AEFFBD6}\gapaengine.dll
2016-08-15 22:22:25 377344 ----a-w- C:\WINDOWS\RegBootClean.exe
2016-08-15 22:17:21 -------- d-----w- C:\WINDOWS\Trend Micro
2016-08-15 22:17:21 -------- d-----w- C:\ProgramData\Trend Micro
2016-08-15 14:51:15 -------- d-----w- C:\ProgramData\AppApcVerifier
2016-08-15 14:31:12 -------- d-----w- C:\ProgramData\ByteFence
2016-08-15 14:21:33 -------- d-----w- C:\Users\Vicki\AppData\Roaming\{E638D083-C36A-BDF5-A85C-9A27748E6719}
2016-08-15 14:21:08 -------- d-----w- C:\Users\Vicki\AppData\Local\{E665D039-C2CD-BC81-AF55-99698B3D65F1}
2016-08-15 14:21:07 -------- d-----w- C:\Program Files\ByteFence
2016-08-15 14:21:05 -------- d-----w- C:\Users\Vicki\AppData\Roaming\efo
2016-08-15 14:16:33 -------- d-----w- C:\Users\Vicki\AppData\Local\MicrosoftEdge
2016-08-10 06:13:22 -------- d-----w- C:\WINDOWS\PCHEALTH
2016-08-10 0557 970752 ----a-w- C:\WINDOWS\System32\kerberos.dll
2016-08-10 0557 359936 ----a-w- C:\WINDOWS\System32\SensorsApi.dll
2016-08-10 0557 286208 ----a-w- C:\WINDOWS\SysWow64\SensorsApi.dll
2016-08-10 0556 91136 ----a-w- C:\WINDOWS\System32\bthserv.dll
2016-08-10 0556 58408 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.dll
2016-08-10 0556 422744 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2016-08-10 0556 339968 ----a-w- C:\WINDOWS\System32\SensorService.dll
.
==================== Find3M ====================
.
2016-08-15 14:22:55 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2016-08-03 11:14:47 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-08-03 11:14:47 50368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-08-03 11:14:47 1505984 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-08-03 10:36:39 7469408 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-08-03 10:36:37 99680 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2016-08-03 10:36:30 37744 ----a-w- C:\WINDOWS\System32\wldp.dll
2016-08-03 10:23:43 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-08-03 10:23:42 693600 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-08-03 10:22:53 465248 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2016-08-03 10:22:39 331616 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-08-03 10:22:10 808288 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-08-03 10:22:08 1322760 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-08-03 10:21:07 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-08-03 10:21:01 566112 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-08-03 10:20:08 1540224 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2016-08-03 10:20:04 692136 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2016-08-03 10:19:37 604928 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-08-03 10:19:36 161632 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-08-03 10:13:17 1988448 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-08-03 10:13:11 576864 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-08-03 10:13:10 393056 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-08-03 09:51:14 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-08-03 09:51:00 123392 ----a-w- C:\WINDOWS\System32\tdlrecover.exe
2016-08-03 09:46:24 22384128 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-08-03 09:44:39 63488 ----a-w- C:\WINDOWS\System32\wshbth.dll
2016-08-03 09:44:23 44544 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2016-08-03 09:44:03 189952 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-08-03 09:43:07 16985088 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-08-03 09:41:27 64000 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-08-03 09:41:25 59904 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-08-03 09:40:54 58880 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2016-08-03 09:40:48 47616 ----a-w- C:\WINDOWS\System32\TpmTasks.dll
2016-08-03 09:40:16 127488 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
2016-08-03 09:39:55 218624 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-08-03 09:39:43 104448 ----a-w- C:\WINDOWS\System32\BluetoothApis.dll
2016-08-03 09:38:23 379392 ----a-w- C:\WINDOWS\System32\usocore.dll
2016-08-03 09:38:22 412160 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-08-03 09:37:22 110080 ----a-w- C:\WINDOWS\System32\IdCtrls.dll
2016-08-03 09:36:49 211456 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2016-08-03 09:36:28 198144 ----a-w- C:\WINDOWS\System32\winsrv.dll
2016-08-03 09:35:56 200192 ----a-w- C:\WINDOWS\System32\WUDFPlatform.dll
2016-08-03 09:35:15 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-08-03 09:33:37 285184 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
2016-08-03 09:31:54 247296 ----a-w- C:\WINDOWS\System32\wevtutil.exe
2016-08-03 09:31:38 506880 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
2016-08-03 09:30:28 515072 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2016-08-03 09:29:36 2127360 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2016-08-03 09:29:15 1500160 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2016-08-03 09:29:09 1387520 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-08-03 09:28:40 529920 ----a-w- C:\WINDOWS\System32\LogonController.dll
2016-08-03 09:28:22 1213440 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2016-08-03 09:27:58 1717760 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2016-08-03 09:27:45 7536640 ----a-w- C:\WINDOWS\System32\mstscax.dll
2016-08-03 09:27:29 381952 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2016-08-03 09:18:57 6974464 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-08-03 09:18:20 1388032 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-08-03 09:18:16 2067968 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2016-08-03 09:17:10 2175488 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-08-03 09:16:43 2635776 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-08-03 09:16:30 3589120 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-08-03 09:16:25 5123072 ----a-w- C:\WINDOWS\System32\dbgeng.dll
2016-08-03 09:15:20 7833088 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-08-03 09:14:04 1997824 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2016-08-03 09:14:02 4895232 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-08-03 09:13:59 3025920 ----a-w- C:\WINDOWS\System32\wininet.dll
2016-08-03 09:12:25 2746368 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2016-08-03 09:11:25 4171264 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-08-03 05:52:28 34088 ----a-w- C:\WINDOWS\SysWow64\wldp.dll
2016-08-03 05:34:16 501592 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-08-03 05:34:13 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-08-03 05:33:08 51128 ----a-w- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
2016-08-03 05:31:51 957608 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-08-03 05:31:38 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-08-03 05:30:12 255168 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-08-03 05:30:07 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-08-03 04:57:44 91648 ----a-w- C:\WINDOWS\SysWow64\tdlrecover.exe
2016-08-03 04:48:25 51712 ----a-w- C:\WINDOWS\SysWow64\wshbth.dll
2016-08-03 04:47:48 13018112 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-08-03 04:44:46 48128 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryBroker.dll
2016-08-03 04:44:45 48640 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2016-08-03 04:42:54 80896 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2016-08-03 04:40:45 92160 ----a-w- C:\WINDOWS\SysWow64\IdCtrls.dll
2016-08-03 04:37:22 219136 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2016-08-03 04:35:37 178688 ----a-w- C:\WINDOWS\SysWow64\wevtutil.exe
2016-08-03 04:34:23 400896 ----a-w- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
2016-08-03 04:34:10 792064 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2016-08-03 04:33:52 2050048 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2016-08-03 04:33:35 18677760 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-08-03 04:32:44 434688 ----a-w- C:\WINDOWS\SysWow64\LogonController.dll
2016-08-03 04:32:09 1467392 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2016-08-03 04:31:05 6743040 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2016-08-03 04:28:30 3663360 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2016-08-03 04:25:36 5323776 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2016-08-03 04:25:23 4078080 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll
2016-08-03 04:23:48 1799680 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2016-08-03 04:23:47 5660672 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-08-03 04:22:18 2501120 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2016-08-03 04:21:34 1708032 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
2016-08-03 04:19:22 2180096 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
.
============= FINISH: 14:27:37.24 ===============
Attached Files
File Type: txt attach.txt (14.6 KB, 296 views)
alildusty is offline  
Sponsored Links
Advertisement
 
Old 09-04-2016, 12:44 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Chromium isn't malware.

https://www.chromium.org/

If you don't need it, simply uninstall it.

------------------------------------------------------

Are you aware you have no system restore points?

Right-click the Windows logo > Control Panel > System > System Protection > Protection Settings

Is System Restore turned on for your Windows (C:)(System) drive?

------------------------------------------------------

It appears that you have two antivirus programs installed and running, McAfee and Windows Defender.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Windows Defender has been upgraded to an antivirus for Windows 10. You do not need to install another antivirus.

Windows Defender in Windows 10 resembles Microsoft Security Essentials and uses the same virus definitions:

https://en.wikipedia.org/wiki/Windows_Defender

If you do not plan on using McAfee, please uninstall McAfee Multi Access - Total Protection via Programs and Features in your Control Panel.

------------------------------------------------------

Please uninstall the following via Programs and Features(right-click the Windows "logo" button > Programs and Features) if it still exists:

ByteFence Anti-Malware<<Please read here

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
-----------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-05-2016, 08:15 AM   #3
Registered Member
 
Join Date: Jul 2015
Posts: 21
OS: Windows 7 Professional



# AdwCleaner v6.010 - Logfile created 05/09/2016 at 10:45:41
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-05.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Vicki - VICKI-PC
# Running from : C:\Users\Vicki\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key deleted: HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A39FDC26-AB2D-4FF4-9465-8124CEF771DA}
[-] Data restored: HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A39FDC26-AB2D-4FF4-9465-8124CEF771DA}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.defaultenginename" - "Yahoo! Powered"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro"
[-] [yahoo! powered] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\Vicki\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
[-] [C:\Users\Vicki\AppData\Local\Chromium\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\Vicki\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5007 Bytes] - [05/09/2016 10:45:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [7290 Bytes] - [05/09/2016 10:42:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [4720 Bytes] - [05/09/2016 10:44:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5226 Bytes] ##########





Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Vicki (administrator) on VICKI-PC (05-09-2016 11:11:40)
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki & DefaultAppPool (Available Profiles: Vicki & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dropbox, Inc.) C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [892536 2015-07-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Spotify Web Helper] => C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-22] (Spotify Ltd)
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Dropbox Update] => C:\Users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Chromium] => c:\users\vicki\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2016-09-05]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1daff43e-db8f-4fce-bae5-55801f2b8a01}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-897019477-3370126768-1679138433-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US1134D20150719&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-15] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-15] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\84hxwpfw.default-1437948450356
FF DefaultSearchEngine.US: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
FF Keyword.URL: user_pref("keyword.URL", true);
FF SearchEngineOrder.1: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\84hxwpfw.default-1437948450356\searchplugins\McSiteAdvisor.xml [2016-08-15]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: (Norton Identity Safe Toolbar) - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2016-09-05]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=F7Jzamobl03687,0613dba0-5ab9-4d84-8bf0-27762883d8af,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Turkopticon) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2015-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (AdBlock) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-26]
CHR Extension: (Refresh Monkey) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2016-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-19]
CHR HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-16] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\drivers\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\system32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\system32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\system32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-07-16] (BlueStack Systems)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 11:11 - 2016-09-05 11:11 - 00022820 _____ C:\Users\Vicki\Desktop\FRST.txt
2016-09-05 11:10 - 2016-09-05 11:10 - 02397696 _____ (Farbar) C:\Users\Vicki\Desktop\FRST64.exe
2016-09-05 10:46 - 2016-09-05 10:46 - 00005317 _____ C:\Users\Vicki\Desktop\AdwCleaner[C0].txt
2016-09-05 10:41 - 2016-09-05 10:45 - 00000000 ____D C:\AdwCleaner
2016-09-05 10:41 - 2016-09-05 10:42 - 03826240 _____ C:\Users\Vicki\Downloads\AdwCleaner (2).exe
2016-09-05 10:41 - 2016-09-05 10:41 - 03826240 _____ C:\Users\Vicki\Desktop\AdwCleaner.exe
2016-09-05 10:38 - 2016-09-05 10:38 - 00003564 _____ C:\WINDOWS\System32\Tasks\{9D367E9E-1F08-4581-A895-F7657853AF73}
2016-09-03 14:27 - 2016-09-03 14:27 - 00043820 _____ C:\Users\Vicki\Desktop\dds.txt
2016-09-03 14:27 - 2016-09-03 14:27 - 00014907 _____ C:\Users\Vicki\Desktop\attach.txt
2016-09-03 14:26 - 2016-09-03 14:27 - 00688992 ____R (Swearware) C:\Users\Vicki\Downloads\dds (1).scr
2016-09-03 14:08 - 2016-09-03 14:08 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-30 21:43 - 2016-08-30 21:43 - 00003198 _____ C:\WINDOWS\System32\Tasks\DRScanner Startup
2016-08-30 21:43 - 2016-08-30 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home Networks
2016-08-30 21:43 - 2016-08-30 21:43 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-08-30 21:31 - 2016-08-30 21:31 - 02527376 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64 (4).exe
2016-08-30 21:31 - 2016-08-30 21:31 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-08-30 21:31 - 2016-08-30 21:31 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-08-30 21:31 - 2016-08-30 21:31 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-08-30 21:31 - 2016-08-30 21:31 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-08-30 21:31 - 2016-08-30 21:31 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-08-30 21:31 - 2016-08-30 21:31 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-30 21:31 - 2016-07-27 21:44 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-08-30 21:31 - 2016-07-27 21:44 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-08-30 21:31 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-08-15 18:22 - 2016-08-15 18:22 - 00377344 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean.exe
2016-08-15 18:22 - 2016-08-15 18:22 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-15 18:21 - 2016-08-15 18:21 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Skype
2016-08-15 18:20 - 2016-08-15 18:20 - 02526736 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64 (3).exe
2016-08-15 18:19 - 2016-08-15 18:19 - 02526736 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64 (2).exe
2016-08-15 18:17 - 2016-08-15 18:17 - 00000000 ____D C:\WINDOWS\Trend Micro
2016-08-15 18:17 - 2016-08-15 18:17 - 00000000 ____D C:\ProgramData\Trend Micro
2016-08-15 18:16 - 2016-08-15 18:16 - 02104376 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher.exe
2016-08-15 10:26 - 2016-08-15 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-15 10:24 - 2016-09-05 09:37 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0309749B-290C-4C7B-92BE-F6030FB07214}
2016-08-15 10:22 - 2016-08-15 10:22 - 00739904 _____ (Oracle Corporation) C:\Users\Vicki\Downloads\JavaSetup8u101.exe
2016-08-15 10:22 - 2016-08-15 10:22 - 00002372 _____ C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-08-15 10:21 - 2016-08-15 10:22 - 00000000 ____D C:\Users\Vicki\AppData\Local\{E665D039-C2CD-BC81-AF55-99698B3D65F1}
2016-08-15 10:21 - 2016-08-15 10:21 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\{E638D083-C36A-BDF5-A85C-9A27748E6719}
2016-08-15 10:21 - 2016-08-15 10:20 - 00918952 _____ (Oracle Corporation) C:\Users\Vicki\Downloads\Java .exe
2016-08-15 10:20 - 2016-08-15 10:20 - 00969760 _____ ( ) C:\Users\Vicki\Downloads\Java Setup.exe
2016-08-15 10:16 - 2016-08-15 10:16 - 00000000 ____D C:\Users\Vicki\AppData\Local\MicrosoftEdge
2016-08-10 02:13 - 2016-08-10 02:13 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-10 01:07 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 01:07 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 01:07 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 01:07 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 01:07 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 01:07 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 01:07 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 01:07 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 01:07 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 01:07 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 01:07 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 01:07 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 01:07 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 01:07 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 01:07 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 01:07 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 01:07 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 01:07 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 01:07 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 01:07 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 01:07 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 01:07 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 01:07 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 01:07 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 01:07 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 01:07 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 01:07 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 01:07 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 01:07 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 01:07 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 01:07 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 01:07 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 01:07 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 01:07 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 01:07 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 01:07 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 01:07 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 01:07 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 01:07 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 01:07 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 01:07 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 01:07 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 01:07 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 01:07 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 01:07 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 01:07 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 01:07 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 01:07 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 01:07 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 01:07 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 01:07 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 01:07 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 01:07 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 01:07 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 01:07 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 01:07 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 01:07 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 01:07 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 01:07 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 01:07 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 01:07 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 01:07 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 01:07 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 01:07 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 01:07 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 01:07 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 01:07 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 01:07 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 01:07 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 01:07 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 01:07 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 01:07 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 01:07 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 01:07 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 01:07 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 01:07 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 01:07 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 01:07 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 01:07 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 01:07 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 01:07 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 01:07 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 01:07 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 01:07 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 01:07 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 01:07 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 01:07 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 01:07 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 01:07 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 01:07 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 01:07 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 01:07 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 01:07 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 01:07 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 01:07 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 01:07 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 01:07 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 01:07 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 01:07 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 01:07 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 01:07 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 01:07 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 01:07 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 01:07 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 01:07 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 01:07 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 01:07 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 01:07 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 01:07 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 01:07 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 01:07 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 01:07 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 01:07 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 01:07 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 01:07 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 01:07 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 01:07 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 01:07 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 01:07 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 01:06 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 01:06 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 01:06 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 01:06 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 01:06 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 01:06 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 01:06 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 01:06 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 01:06 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 01:06 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 15:50 - 2016-08-09 15:50 - 78041225 _____ C:\Users\Vicki\Downloads\6150 - Pokemon White Version 2 (DSi Enhanced)(U)(frieNDS).7z

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 11:11 - 2015-07-19 00:23 - 00000000 ____D C:\FRST
2016-09-05 11:09 - 2015-06-16 19:58 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA.job
2016-09-05 10:52 - 2016-07-27 21:41 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 10:52 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-05 10:46 - 2016-04-27 02:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-05 10:46 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-05 10:46 - 2015-05-25 14:44 - 00000000 ___RD C:\Users\Vicki\Dropbox
2016-09-05 10:46 - 2014-05-04 10:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 10:46 - 2014-03-30 12:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-05 10:43 - 2015-03-08 16:54 - 00000000 ____D C:\Users\Vicki\AppData\Local\CrashDumps
2016-09-05 10:40 - 2014-05-04 10:29 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 10:36 - 2015-07-19 00:01 - 00000000 ____D C:\ProgramData\McAfee
2016-09-05 10:34 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-09-05 10:34 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-05 10:33 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2016-09-05 10:13 - 2014-12-20 10:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 09:09 - 2015-06-16 19:58 - 00000866 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core.job
2016-09-04 16:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-03 15:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-03 15:15 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-03 15:15 - 2014-04-10 21:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-03 14:12 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-03 14:08 - 2015-05-25 14:44 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Dropbox
2016-08-30 21:41 - 2015-07-19 00:01 - 01615875 _____ C:\Users\Vicki\AppData\Local\census.cache
2016-08-30 21:41 - 2015-07-19 00:01 - 00177677 _____ C:\Users\Vicki\AppData\Local\ars.cache
2016-08-30 21:41 - 2015-07-18 23:59 - 00000010 _____ C:\Users\Vicki\AppData\Local\sponge.last.runtime.cache
2016-08-27 03:15 - 2016-04-27 02:29 - 00342224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-21 18:51 - 2016-03-14 19:28 - 00000000 ____D C:\Users\Vicki\Desktop\2015 Tax
2016-08-15 18:22 - 2016-07-31 21:25 - 00002401 _____ C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-15 18:22 - 2016-07-31 21:25 - 00000000 ___RD C:\Users\Vicki\OneDrive
2016-08-15 12:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-15 12:01 - 2015-06-13 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-15 10:28 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-08-15 10:26 - 2016-04-03 21:49 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-15 10:26 - 2016-03-14 19:31 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-15 10:24 - 2014-10-17 22:14 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-15 10:24 - 2014-05-12 09:04 - 00000000 ____D C:\ProgramData\Oracle
2016-08-15 10:23 - 2015-09-19 00:43 - 00000000 ____D C:\Users\Vicki\.oracle_jre_usage
2016-08-15 10:23 - 2014-10-17 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-15 10:22 - 2015-07-19 00:02 - 00000000 ____D C:\Users\Vicki\AppData\Local\Chromium
2016-08-15 10:22 - 2014-10-17 22:14 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-11 16:15 - 2016-04-27 02:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 22:55 - 2016-04-27 02:21 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 22:55 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 02:13 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 02:13 - 2015-07-31 06:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 02:13 - 2009-07-13 22:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-08-10 02:09 - 2015-07-31 06:54 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 18:42 - 2014-05-04 10:29 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 18:42 - 2014-05-04 10:29 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-07-19 00:40 - 2016-09-05 10:39 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-19 00:01 - 2016-08-30 21:41 - 0177677 _____ () C:\Users\Vicki\AppData\Local\ars.cache
2015-07-19 00:01 - 2016-08-30 21:41 - 1615875 _____ () C:\Users\Vicki\AppData\Local\census.cache
2015-07-18 23:54 - 2015-07-18 23:54 - 0000036 _____ () C:\Users\Vicki\AppData\Local\housecall.guid.cache
2015-07-18 23:59 - 2016-08-30 21:41 - 0000010 _____ () C:\Users\Vicki\AppData\Local\sponge.last.runtime.cache
2016-07-27 21:40 - 2016-07-27 21:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Vicki\AppData\Local\Temp\libeay32.dll
C:\Users\Vicki\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Vicki\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Vicki\AppData\Local\Temp\msvcr120.dll
C:\Users\Vicki\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-03 15:15

==================== End of FRST.txt ============================
Attached Files
File Type: txt AdwCleaner[C0].txt (5.2 KB, 23 views)
File Type: txt FRST.txt (48.0 KB, 19 views)
File Type: txt Addition.txt (46.6 KB, 23 views)
alildusty is offline  
Sponsored Links
Advertisement
 
Old 09-05-2016, 02:34 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello alildusty.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {051FA226-0250-4B80-9677-D61A887D96D8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {072294B0-2158-44CA-9264-521FC907B8AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2BAE059F-29D7-4C5C-96E5-AA63FFAE3A21} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {2C2626BF-1334-4ED0-8DFA-3455404F8582} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {2C4118F9-4DE5-49FB-834C-BEE17422ECC8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {4EF9C31E-D748-4A6F-A516-A1DFF2975B69} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {5259C3B2-E90F-4459-B05B-A57C55F1934B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {54494E3D-1857-4DFB-A6EF-B9F1D9A6F8DF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {579C22A2-5F07-4A47-8213-573914464863} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {632300C1-BFD7-4B0F-83B3-7490D0A3D822} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6A9AA992-2203-4781-9BF4-A79856EE1D68} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {6C807071-2302-49A8-88A8-7D6113DA88D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {91B80804-BDF5-43FA-B4BE-E7D3BF0A05AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A25E02A7-3C13-41D4-A522-4073C816A7AE} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
    Task: {A9112C0D-6A30-4F51-84C5-279A700F2EE4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FC1D6300-05E3-49DC-B0C1-B2796750C003} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=F7Jzamobl03687,0613dba0-5ab9-4d84-8bf0-27762883d8af,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    S2 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    C:\Users\Vicki\AppData\Roaming\{E638D083-C36A-BDF5-A85C-9A27748E6719}
    C:\Users\Vicki\AppData\Local\{E665D039-C2CD-BC81-AF55-99698B3D65F1}
    C:\Program Files\ByteFence
    C:\Users\Vicki\AppData\Roaming\efo
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-05-2016, 06:21 PM   #5
Registered Member
 
Join Date: Jul 2015
Posts: 21
OS: Windows 7 Professional



Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Vicki (05-09-2016 21:18:12) Run:1
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki (Available Profiles: Vicki & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {051FA226-0250-4B80-9677-D61A887D96D8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {072294B0-2158-44CA-9264-521FC907B8AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2BAE059F-29D7-4C5C-96E5-AA63FFAE3A21} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {2C2626BF-1334-4ED0-8DFA-3455404F8582} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2C4118F9-4DE5-49FB-834C-BEE17422ECC8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4EF9C31E-D748-4A6F-A516-A1DFF2975B69} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {5259C3B2-E90F-4459-B05B-A57C55F1934B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {54494E3D-1857-4DFB-A6EF-B9F1D9A6F8DF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {579C22A2-5F07-4A47-8213-573914464863} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {632300C1-BFD7-4B0F-83B3-7490D0A3D822} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6A9AA992-2203-4781-9BF4-A79856EE1D68} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6C807071-2302-49A8-88A8-7D6113DA88D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {91B80804-BDF5-43FA-B4BE-E7D3BF0A05AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A25E02A7-3C13-41D4-A522-4073C816A7AE} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {A9112C0D-6A30-4F51-84C5-279A700F2EE4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FC1D6300-05E3-49DC-B0C1-B2796750C003} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=F7Jzamobl03687,0613dba0-5ab9-4d84-8bf0-27762883d8af,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S2 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Vicki\AppData\Roaming\{E638D083-C36A-BDF5-A85C-9A27748E6719}
C:\Users\Vicki\AppData\Local\{E665D039-C2CD-BC81-AF55-99698B3D65F1}
C:\Program Files\ByteFence
C:\Users\Vicki\AppData\Roaming\efo
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{051FA226-0250-4B80-9677-D61A887D96D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{051FA226-0250-4B80-9677-D61A887D96D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{072294B0-2158-44CA-9264-521FC907B8AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{072294B0-2158-44CA-9264-521FC907B8AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BAE059F-29D7-4C5C-96E5-AA63FFAE3A21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BAE059F-29D7-4C5C-96E5-AA63FFAE3A21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C2626BF-1334-4ED0-8DFA-3455404F8582}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C2626BF-1334-4ED0-8DFA-3455404F8582}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C4118F9-4DE5-49FB-834C-BEE17422ECC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C4118F9-4DE5-49FB-834C-BEE17422ECC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EF9C31E-D748-4A6F-A516-A1DFF2975B69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EF9C31E-D748-4A6F-A516-A1DFF2975B69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5259C3B2-E90F-4459-B05B-A57C55F1934B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5259C3B2-E90F-4459-B05B-A57C55F1934B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54494E3D-1857-4DFB-A6EF-B9F1D9A6F8DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54494E3D-1857-4DFB-A6EF-B9F1D9A6F8DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{579C22A2-5F07-4A47-8213-573914464863}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{579C22A2-5F07-4A47-8213-573914464863}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{632300C1-BFD7-4B0F-83B3-7490D0A3D822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{632300C1-BFD7-4B0F-83B3-7490D0A3D822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A9AA992-2203-4781-9BF4-A79856EE1D68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9AA992-2203-4781-9BF4-A79856EE1D68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C807071-2302-49A8-88A8-7D6113DA88D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C807071-2302-49A8-88A8-7D6113DA88D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91B80804-BDF5-43FA-B4BE-E7D3BF0A05AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91B80804-BDF5-43FA-B4BE-E7D3BF0A05AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A25E02A7-3C13-41D4-A522-4073C816A7AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A25E02A7-3C13-41D4-A522-4073C816A7AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9112C0D-6A30-4F51-84C5-279A700F2EE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9112C0D-6A30-4F51-84C5-279A700F2EE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC1D6300-05E3-49DC-B0C1-B2796750C003}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC1D6300-05E3-49DC-B0C1-B2796750C003}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\bmlggjgglgmlgbendppbpmkpakefkmkd" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Google\Chrome\Extensions\bmlggjgglgmlgbendppbpmkpakefkmkd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmlggjgglgmlgbendppbpmkpakefkmkd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
McAfee SiteAdvisor Service => service removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\Vicki\AppData\Roaming\{E638D083-C36A-BDF5-A85C-9A27748E6719} => moved successfully
C:\Users\Vicki\AppData\Local\{E665D039-C2CD-BC81-AF55-99698B3D65F1} => moved successfully
"C:\Program Files\ByteFence" => not found.
"C:\Users\Vicki\AppData\Roaming\efo" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17747217 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 69376917 B
Edge => 15231112 B
Chrome => 605492445 B
Firefox => 29892461 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1090 B
systemprofile32 => 0 B
LocalService => 8678 B
NetworkService => 6194 B
Vicki => 588487051 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:18:24 ====
alildusty is offline  
Old 09-05-2016, 06:25 PM   #6
Registered Member
 
Join Date: Jul 2015
Posts: 21
OS: Windows 7 Professional



I went and uninstall Chromium in control panel so it no longer appears there when I look to uninstall it now but when I search in the Cortana box Chromium is still there and is functioning. How do I get rid of this additional app? Is this just another harmless web browser by Google?


Thanks!
alildusty is offline  
Old 09-05-2016, 08:10 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, alildusty. You're very welcome.

As stated previously, Chromium isn't malware.

https://www.chromium.org/

Cortana is new, and I'll have to research that.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-10-2016, 09:13 PM   #8
Registered Member
 
Join Date: Jul 2015
Posts: 21
OS: Windows 7 Professional



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/10/2016
Scan Time: 11:24 PM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.11.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Vicki

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345580
Time Elapsed: 3 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Cassiopessa, HKLM\SOFTWARE\CLASSES\APPID\{ef494946-9425-4a5c-b373-74ccd38e8c48}, Quarantined, [da047cf41a8080b63d20781cca380ff1],
PUP.Optional.Cassiopessa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EF494946-9425-4A5C-B373-74CCD38E8C48}, Quarantined, [da047cf41a8080b63d20781cca380ff1],
PUP.Optional.Cassiopessa, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EF494946-9425-4A5C-B373-74CCD38E8C48}, Quarantined, [da047cf41a8080b63d20781cca380ff1],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [934bed836931112570b76f250bf73fc1],

Registry Values: 3
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [02dc4a261e7c83b3665ea7186d96a759]
PUP.Optional.WebBar, HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe, 11000, Quarantined, [1dc1521e2f6b1c1a2626ae349a696c94]
PUP.Optional.DeskBar, HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DeskBar.exe, 8888, Quarantined, [4599b6ba970351e582c47a68a95a52ae]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.BundleInstaller, C:\Users\Vicki\Downloads\Java Setup.exe, Quarantined, [5886b6baaceed66004b75c6c996b1de3],
PUP.Optional.Cassiopessa, C:\Program Files (x86)\Mozilla Firefox\browser\components\lmn.js, Quarantined, [647ad19f81194fe7645489386f94da26],
PUP.Optional.Cassiopesa, C:\Users\Vicki\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, Quarantined, [2ab4c8a88119f73f1145dbe76f9435cb],
PUP.Optional.BestPriceNinja, C:\Users\Vicki\AppData\Local\Chromium\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [d40a1e5212887bbb5998766bfc07c63a],
PUP.Optional.BestPriceNinja, C:\Users\Vicki\AppData\Local\Chromium\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [3ea076fae8b261d57c75f1f03ec5f907],
PUP.Optional.WinYahoo, C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\84hxwpfw.default-1437948450356\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_omxmedia_16_33&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCyCzzzztN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EtAyBzz0D0FtGyD0CyD0CtG0EtAyEyBtGtD0Azy0CtGyE0DtCyCyCzyzztCtC0ByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzutB%26cr%3D1214590957%26a%3Dwbf_omxmedia_16_33%26os_ver%3D10.0%26os%3DWindowsReplaced,[57872749b0ea58de9c0d5b4435cf7d83]B10Replaced,[57872749b0ea58de9c0d5b4435cf7d83]BPro");), %5

Physical Sectors: 0
(No malicious items detected)


(end)



C:\Users\Vicki\Dropbox\clash\CB_1665_RB_1698_exclusive.zip a variant of MSIL/GameTool.U potentially unsafe application
C:\Users\Vicki\Dropbox\clash\MyBot-5.0.zip a variant of Win32/GameTool.CQ potentially unsafe application
alildusty is offline  
Old 09-12-2016, 10:51 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, alildusty. If you installed those game tools found by ESET, you can ignore them. Else, delete them.

Where specifically do you see Chromium in Cortana?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-22-2016, 04:23 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, alildusty? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-24-2016, 09:18 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help!
Im unable to complete the gmer scan. It wont allow me to copy the results of the scan to submit to you guys. What do I do now?
REDLEG Resolved HJT Threads 49 12-15-2013 02:15 PM
Help..xp bsod when i run virus scan.
Hi, this is Troy, i have windows xp with sp3 and i everytime i run a virus scan and have run multiple kinds from windows to maleware bytes...you name it. I get to a point in the scan where i get a blue screen and then computer shuts down. When i run it with out doing a scan the computer stays on....
sootherlol Virus/Trojan/Spyware Help 0 02-18-2013 05:31 PM
happili.com virus
Hi, I wrote yesterday that believe i have the happili.com virus and cannot remove it. I was told to follow the pre-post instructions. However, I could not run dds.scr. It would open ans tell me to wait. It said the scan should not last more than 3 minutes. But it never ended and I could not close...
sharkfan12 Resolved HJT Threads 23 04-17-2012 12:38 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:51 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts