Suspected virus
Old 06-03-2017, 07:27 PM   #1
Registered Member
Join Date: Nov 2005
Posts: 104
OS: win2000

My computer has been running worse and worse. Slow, have to reboot a lot, now I am getting pop-up ads. I also get some windows box that pops up when I am playing chess. Sometimes I can hear an ad playing somewhere. I think I have some issues here. Can you please help me?
I read the instructions and ran the program you asked to run. I have attached the results.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17568
Run by Owner at 19:07:25 on 2017-06-03
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8078.4077 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antispyware *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhostex.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindows%2B8
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
uSearch Page = hxxp://www.google.com
mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindows%2B8
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
mSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] C:\Users\Owner\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
uRun: [OneDrive] "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Chromium] "c:\users\owner\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
uRun: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe blrun
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALTI~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B}\3427F6373727F6164637D213 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B}\37360447779636B6 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B}\A4F6E65637 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B}\C4966796E6760225F6F6D6 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B}\F4075627164796F6E624271667F64456C64716D25376 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{E018AA55-4E24-4061-889F-5ACF070CFDEE} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindows%2B8
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\windows\System32\Drivers\avc3.sys [2017-2-8 1612648]
R0 gzflt;gzflt;C:\windows\System32\Drivers\gzflt.sys [2017-2-8 182944]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2014-7-26 652344]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2017-2-8 128400]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-12 731688]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-26 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-5 1124288]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2015-12-4 3971264]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-10-17 90992]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-12-11 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-11 165336]
R2 ProductAgentService;ProductAgentService;C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2017-2-8 1254736]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-11 366040]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [2017-4-24 218416]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-9-12 162344]
R3 avckf;avckf;C:\windows\System32\Drivers\avckf.sys [2017-2-8 879600]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-26 121728]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-28 857472]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\Drivers\clwvd.sys [2012-6-14 31216]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-10-17 325488]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-5 68136]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]
R3 NETwNe64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 bdelam;bdelam;C:\windows\System32\Drivers\bdelam.sys [2017-2-8 23672]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2017-3-28 1099280]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-9-12 162344]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\Drivers\hitmanpro37.sys [2014-9-18 32512]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-7-26 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-8-12 177376]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
S3 SWDUMon;SWDUMon;C:\windows\System32\Drivers\SWDUMon.sys [2016-7-15 13920]
S3 Tific System Service;Tific System Service;C:\Program Files (x86)\Common Files\Tific\Tific Client G1\Tific System Service.exe [2014-9-18 1700648]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2015-6-17 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 BDVEDISK;BDVEDISK;C:\windows\System32\Drivers\bdvedisk.sys [2017-2-8 87912]
.
=============== Created Last 30 ================
.
2017-06-01 03:13:04 30959 ----a-w- C:\ProgramData\agent.update.1496286776.bdinstall.bin
2017-05-14 23:01:04 446152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-05-14 22:59:34 28360 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-05-14 22:47:44 207040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
==================== Find3M ====================
.
2017-05-29 16:05:09 879600 ----a-w- C:\windows\System32\drivers\avckf.sys
2017-05-29 16:04:37 1612648 ----a-w- C:\windows\System32\drivers\avc3.sys
2017-03-20 17:58:43 305120 ----a-w- C:\windows\System32\drivers\ignis.sys
.
============= FINISH: 19:10:53.68 ===============
Attached Files
File Type: txt attach.txt (5.9 KB, 23 views)
File Type: txt dds.txt (18.8 KB, 20 views)
aks4909 is offline  
Old 06-04-2017, 09:18 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
-----------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-08-2017, 07:42 AM   #3
Registered Member
Join Date: Nov 2005
Posts: 104
OS: win2000

I'm sorry I do not see where I can subscribe to this thread. I have run the programs you suggested. I have attached the results. I will continue to check for a reply so that I can subscribe.

# AdwCleaner v6.047 - Logfile created 08/06/2017 at 06:54:38
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-07.1 [Server]
# Operating System : Windows 8 (X64)
# Username : Owner - SAMSUNG
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: YahooAUService
[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Owner\AppData\Local\slimware utilities inc
[-] Folder deleted: C:\Users\Owner\AppData\Local\NowUSeeItPlayer
[#] Folder deleted on reboot: C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Owner\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Users\Owner\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Program Files\Earth Networks
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\Program Files (x86)\NowUSeeItPlayer
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar


***** [ Files ] *****

[-] File deleted: C:\Users\Owner\Downloads\DriverDetective.exe
[-] File deleted: C:\windows\SysNative\drivers\swdumon.sys
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\yahooauservice
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\ByteFence
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\darwendlm
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\NowUSeeItPlayer
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ByteFence
[#] Key deleted on reboot: HKCU\Software\darwendlm
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SmartPCFixer
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\NowUSeeItPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0AFC06A-6C9E-420F-AABF-B1AC7EE1F589}
[#] Key deleted on reboot: [x64] HKCU\Software\darwendlm
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Data restored: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15241 Bytes] - [08/06/2017 06:54:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [3095 Bytes] - [08/10/2014 11:30:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [3218 Bytes] - [08/10/2014 11:41:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [14948 Bytes] - [08/06/2017 06:50:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [15535 Bytes] ##########
Attached Files
File Type: txt Addition1.txt (35.9 KB, 20 views)
File Type: txt Addition.txt (35.9 KB, 21 views)
File Type: txt AdwCleaner[C0].txt (15.4 KB, 20 views)
aks4909 is offline  
Old 06-08-2017, 09:09 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, aks4909. It appears you attached the second FRST log, Addition.txt, twice, and didn't attach the first FRST log, FRST.txt.

I need to see the FRST.txt log before we can proceed. Please post or attach the FRST.txt log to your next reply. Thanks.

------------------------------------------------------

You're probably not seeing the Thread Tools tab at the top of your thread window.

Using the scroll bar at the bottom of your thread, scroll over to the right all the way, and you should now see the Thread Tools tab at the upper right-hand corner of your thread window.

Click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-08-2017, 06:14 PM   #5
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



I have attached the proper file.
aks4909 is offline  
Old 06-08-2017, 10:22 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Sorry, but I don't see the FRST.txt log.
chemist is offline  
Old 06-10-2017, 07:34 AM   #7
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



I think I have attached it this time, sorry.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Ran by Owner (administrator) on SAMSUNG (08-06-2017 07:29:32)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [322312 2017-04-24] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-20] (Spotify Ltd)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [Chromium] => c:\users\owner\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {1146f77d-4ef7-11e3-be92-c8f7335b8b9f} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {2e3a2858-7a1d-11e5-bee9-c8f7335b8b9f} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {8ddd677d-e40f-11e3-bea4-c8f7335b8b9f} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\SCREEN~1.SCR [28182067 2012-10-08] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-09-04]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{55F0F1C7-C750-4FB1-8381-7699171F966B}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E018AA55-4E24-4061-889F-5ACF070CFDEE}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-44c2de6f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-44c2de6f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {37925FE6-6B4B-4039-8178-7CAE56787370} URL =
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-04-24] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-04-24] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-04-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-04-24] (Bitdefender)
Toolbar: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-04-24] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-05-07]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824779529-2921129160-1241652601-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3824779529-2921129160-1241652601-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindows%2B8
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindows%2B8","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-44c2de6f","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-06-08]
CHR Extension: (Yahoo Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-02-14]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Map Beast) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan [2016-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 Tific System Service; C:\Program Files (x86)\Common Files\Tific\Tific Client G1\Tific System Service.exe [1700648 2014-09-05] (Tific AB)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-04-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1442896 2017-05-29] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\windows\System32\DRIVERS\avc3.sys [1612648 2017-05-29] (BitDefender)
R3 avckf; C:\windows\System32\DRIVERS\avckf.sys [879600 2017-05-29] (BitDefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
S4 BDVEDISK; C:\windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [121728 2012-08-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-28] (Motorola Solutions, Inc.)
R0 gzflt; C:\windows\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-10-08] ()
R3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R0 trufos; C:\windows\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 aswHdsKe; \??\C:\windows\system32\drivers\aswHdsKe.sys [X]
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 07:29 - 2017-06-08 07:30 - 00024685 _____ C:\Users\Owner\Downloads\FRST.txt
2017-06-08 07:28 - 2017-06-08 07:29 - 00000000 ____D C:\FRST
2017-06-08 07:28 - 2017-06-08 07:28 - 02435072 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2017-06-08 07:27 - 2017-06-08 07:27 - 02435072 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-06-08 07:25 - 2017-06-08 07:25 - 00015803 _____ C:\Users\Owner\Desktop\AdwCleaner[C0].txt
2017-06-08 07:03 - 2017-06-08 07:03 - 00030361 _____ C:\ProgramData\agent.update.1496930531.bdinstall.bin
2017-06-08 06:45 - 2017-06-08 06:45 - 04110280 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2017-06-07 08:06 - 2017-06-07 08:06 - 05139495 _____ C:\Users\Owner\Downloads\280443835671754.mp4
2017-06-03 19:11 - 2017-06-03 19:11 - 00006075 _____ C:\Users\Owner\Desktop\attach.txt
2017-06-03 19:11 - 2017-06-03 19:10 - 00019302 _____ C:\Users\Owner\Desktop\dds.txt
2017-06-03 19:06 - 2017-06-03 19:06 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2017-05-21 18:31 - 2017-05-23 22:24 - 00018711 ____H C:\Users\Owner\Desktop\~WRL3957.tmp
2017-05-21 18:31 - 2017-05-21 18:31 - 00015581 ____H C:\Users\Owner\Desktop\~WRL0736.tmp
2017-05-19 13:18 - 2017-05-19 13:18 - 87742292 _____ C:\Users\Owner\Downloads\xvideos.com_0158ea752931eaf0d9d2e82973dceea6.mp4
2017-05-14 10:45 - 2017-05-14 10:45 - 00000000 ____D C:\Users\Owner\AppData\Temp
2017-05-13 12:52 - 2017-05-13 12:52 - 00656544 _____ (PC Drivers HeadQuarters LP) C:\Users\Owner\Downloads\DriverSupport.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 07:30 - 2012-12-11 01:28 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2017-06-08 07:29 - 2013-07-04 11:50 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3824779529-2921129160-1241652601-1001
2017-06-08 07:26 - 2012-12-11 01:25 - 00000000 ____D C:\ProgramData\WinClon
2017-06-08 07:25 - 2013-10-06 05:43 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-06-08 07:23 - 2017-02-08 13:27 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-06-08 07:18 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-06-08 07:14 - 2012-07-26 00:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-06-08 07:12 - 2017-02-08 13:47 - 00017103 _____ C:\bdlog.txt
2017-06-08 07:12 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\BBI
2017-06-08 06:54 - 2014-10-08 11:29 - 00000000 ____D C:\AdwCleaner
2017-06-08 06:53 - 2014-01-21 11:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yahoo!
2017-06-08 06:53 - 2014-01-21 11:01 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Yahoo!
2017-06-08 06:53 - 2014-01-21 10:59 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-06-01 16:02 - 2012-07-26 01:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-01 16:00 - 2012-07-26 01:12 - 00000000 ____D C:\windows\AUInstallAgent
2017-06-01 15:21 - 2012-07-26 01:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-01 15:18 - 2012-12-11 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-29 09:05 - 2017-02-08 13:37 - 00879600 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2017-05-29 09:04 - 2017-02-08 13:37 - 01612648 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2017-05-23 19:39 - 2013-08-30 07:14 - 00000000 ____D C:\windows\system32\MRT
2017-05-23 19:33 - 2013-07-04 13:28 - 132223576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-05-15 22:52 - 2014-06-08 10:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-05-11 15:01 - 2013-12-24 15:39 - 00002391 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 15:01 - 2013-12-24 15:39 - 00002383 _____ C:\Users\Owner\Desktop\Google Chrome.lnk
2017-05-09 15:25 - 2016-07-15 18:04 - 00004424 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 15:25 - 2015-11-09 16:23 - 00004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 15:25 - 2012-07-26 01:12 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-05-09 15:25 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\Macromed

==================== Files in the root of some directories =======

2014-03-27 14:21 - 2014-10-08 11:26 - 0000600 _____ () C:\Users\Owner\AppData\Roaming\winscp.rnd
2013-10-06 05:39 - 2013-10-06 05:39 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-12-06 14:08 - 2014-05-13 08:15 - 0010240 _____ () C:\Users\Owner\AppData\Local\[email protected]!-8d02a304-edaa-4699-b24f-fdeca8d19ea2.tmp
2014-12-06 14:08 - 2014-05-13 08:15 - 0009216 _____ () C:\Users\Owner\AppData\Local\[email protected]!-e04c0d4a-8807-434d-8650-20a23f7826df.tmp
2017-02-08 13:27 - 2017-02-08 13:27 - 0047198 _____ () C:\ProgramData\agent.1486585650.bdinstall.bin
2017-02-08 13:47 - 2017-02-08 13:47 - 0028945 _____ () C:\ProgramData\agent.1486586802.bdinstall.bin
2017-02-08 13:46 - 2017-02-08 13:46 - 0009186 _____ () C:\ProgramData\agent.1486586808.bdinstall.bin
2017-02-08 13:58 - 2017-02-08 13:58 - 0028942 _____ () C:\ProgramData\agent.1486587514.bdinstall.bin
2017-02-08 14:04 - 2017-02-08 14:04 - 0028943 _____ () C:\ProgramData\agent.1486587848.bdinstall.bin
2017-06-08 07:03 - 2017-06-08 07:03 - 0030361 _____ () C:\ProgramData\agent.update.1496930531.bdinstall.bin
2017-02-08 13:41 - 2017-02-08 13:41 - 0387786 _____ () C:\ProgramData\cl.1486585852.bdinstall.bin
2017-02-08 13:59 - 2017-02-08 13:59 - 0057341 _____ () C:\ProgramData\dm.1486587549.bdinstall.bin
2017-02-12 20:17 - 2017-02-12 20:17 - 0036367 _____ () C:\ProgramData\dm.uninstall.1486955765.bdinstall.bin
2012-12-11 01:17 - 2013-02-21 13:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-12-11 01:17 - 2013-01-12 20:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
2016-09-04 22:10 - 2016-07-19 17:31 - 0185768 _____ (RealNetworks, Inc.) C:\Users\Owner\AppData\Local\Temp\lowproc.exe
2017-02-08 13:13 - 2017-02-08 13:13 - 1074688 _____ (Opera Software) C:\Users\Owner\AppData\Local\Temp\safezone_installer_2017281337542.dll
2016-09-04 22:10 - 2016-07-19 17:31 - 0096496 _____ (RealNetworks, Inc.) C:\Users\Owner\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-08 07:01

==================== End of FRST.txt ============================
Attached file: FRST.txt (31.6 KB)
Old 06-10-2017, 01:54 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, aks4909. No worries. Were you able to subscribe to your thread?

Have you set your Chrome home page, DefaultSearch, etc. to Yahoo?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 06-10-2017, 11:06 PM   #9
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



Yes, I usually do set it to Yahoo.
Old 06-11-2017, 07:38 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, aks4909. OK, thanks.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://www.eightforums.com/tutorials...ndows-8-a.html

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    AlternateDataStreams: C:\Users\Owner\Downloads\AdwCleaner.exe:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Downloads\dds.scr:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Downloads\DriverSupport.exe:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Downloads\FRST64 (1).exe:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Downloads\FRST64.exe:BDU [0]
    HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {1146f77d-4ef7-11e3-be92-c8f7335b8b9f} - "E:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {2e3a2858-7a1d-11e5-bee9-c8f7335b8b9f} - "D:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {8ddd677d-e40f-11e3-bea4-c8f7335b8b9f} - "D:\VZW_Software_upgrade_assistant.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {37925FE6-6B4B-4039-8178-7CAE56787370} URL =
    SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
    U0 aswVmm; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
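The fixlist above removes two kinds of leftovers that are easy to spot in the FRST "Services" and "Drivers" sections earlier in this thread: a driver whose binary is no longer on disk (FRST marks it with [X], e.g. aswHdsKe) and a service key that has no ImagePath at all (aswVmm, which the fix then deletes). The following is an added example, not code from this thread, from FRST or from its author: a small Python parser for those listing lines that flags such orphaned entries, plus entries with an empty publisher field. The sample lines are copied from the log posted in this thread; the meanings given for the R/S/U prefix and the start-type digit are my reading of FRST's output format and are labelled as assumptions in the code.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the FRST "Services/Drivers (Whitelisted)"
# sections posted in this thread (every backslash is doubled for Python).
SAMPLE_LISTING = """\
R2 VSSERV; C:\\Program Files\\Bitdefender\\Bitdefender 2017\\vsserv.exe [1442896 2017-05-29] (Bitdefender)
S3 hitmanpro37; C:\\windows\\system32\\drivers\\hitmanpro37.sys [32512 2014-10-08] ()
S3 aswHdsKe; \\??\\C:\\windows\\system32\\drivers\\aswHdsKe.sys [X]
U0 aswVmm; no ImagePath
"""

# Assumed meaning of the two-character prefix (my reading of FRST output, not
# FRST documentation): R = running, S = stopped, U = state unknown; the digit
# is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

LINE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
FILE_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)


@dataclass
class ServiceEntry:
    name: str
    state: str
    start_type: str
    path: Optional[str]        # None when the service has no ImagePath
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]   # "" when FRST printed an empty "()"
    missing_file: bool         # FRST marks a binary that is not on disk with [X]
    no_image_path: bool        # registry key exists but has no ImagePath value


def _strip_nt_prefix(path: str) -> str:
    """Drop the \\??\\ object-manager prefix FRST prints for some driver paths."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, state = m.group("name"), m.group("state")
    start_type = START_TYPES.get(int(m.group("start")), "unknown")
    rest = m.group("rest").strip()
    if rest == "no ImagePath":
        return ServiceEntry(name, state, start_type, None, None, None, None, False, True)
    if rest.endswith("[X]"):
        path = _strip_nt_prefix(rest[:-len("[X]")].strip())
        return ServiceEntry(name, state, start_type, path, None, None, None, True, False)
    fm = FILE_RE.match(rest)
    if not fm:
        return None
    return ServiceEntry(
        name, state, start_type, _strip_nt_prefix(fm.group("path")),
        int(fm.group("size")), fm.group("date"), fm.group("publisher"), False, False,
    )


def find_orphans(listing: str) -> List[Tuple[str, str]]:
    """Return (service name, reason) for entries that deserve a second look."""
    findings = []
    for line in listing.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.no_image_path:
            findings.append((e.name, "registered service with no ImagePath"))
        elif e.missing_file:
            findings.append((e.name, f"binary missing on disk: {e.path}"))
        elif e.publisher == "":
            findings.append((e.name, f"no publisher information: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in find_orphans(SAMPLE_LISTING):
        print(f"{name}: {reason}")
```

On the sample it reports hitmanpro37 (empty publisher field), aswHdsKe (file missing) and aswVmm (no ImagePath). An empty publisher field only means the binary carries no company name, so that finding is a prompt to check the file, not a verdict; the other two are the same leftover-registration cases the helper's fixlist cleans up.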
Old 06-13-2017, 09:26 PM   #11
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



I'm sorry but can you please explain further what you mean by saving the file near the FRST64 file... not sure how to save that "next" to another file. Just locate it by dragging it to a particular location? Also tried to create a backup and the instructions did not seem to address windows 8 operating system. Am I just missing it?
Old 06-14-2017, 09:38 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Both FRST and fixlist.txt have to be saved to the same folder. Then open FRST and click the Fix button.
Old 06-15-2017, 02:57 PM   #13
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



I am very sorry but I am not the most computer savvy guy and I am really having trouble understanding or accomplishing getting both the program to run and the text into the same folder. When I run the program I don't get an icon on my desktop nor do I get the option to save it to my desktop. I am running it from the link you provided me some time ago. I don't mean to take up your time as I know you are busy helping others, but I am just at this roadblock... hoping you can help.
Old 06-15-2017, 09:48 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
I am running it from the link you provided me some time ago
Actually the instructions were:

Quote:
Please download Farbar Recovery Scan Tool and save it to your desktop
and same as for the fixlist.txt you create.

You actually saved FRST to:

Quote:
Running from C:\Users\Owner\Downloads
So they either both have to be on your desktop, or both have to be in C:\Users\Owner\Downloads.

Please pick one and make sure both FRST and fixlist.txt are in the same folder/directory. Let me know if you still have trouble.

------------------------------------------------
Old 06-17-2017, 08:55 AM   #15
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



Hello again and thank you for the help with that. I hope I ran this correctly and posted the correct result. I seemed to think I got further than I had before. I had both files located in "downloads". I have pasted the result below.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Owner (17-06-2017 08:33:30) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
AlternateDataStreams: C:\Users\Owner\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Owner\Downloads\dds.scr:BDU [0]
AlternateDataStreams: C:\Users\Owner\Downloads\DriverSupport.exe:BDU [0]
AlternateDataStreams: C:\Users\Owner\Downloads\FRST64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Owner\Downloads\FRST64.exe:BDU [0]
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {1146f77d-4ef7-11e3-be92-c8f7335b8b9f} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {2e3a2858-7a1d-11e5-bee9-c8f7335b8b9f} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\...\MountPoints2: {8ddd677d-e40f-11e3-bea4-c8f7335b8b9f} - "D:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {37925FE6-6B4B-4039-8178-7CAE56787370} URL =
SearchScopes: HKU\S-1-5-21-3824779529-2921129160-1241652601-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
U0 aswVmm; no ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
C:\Users\Owner\Downloads\AdwCleaner.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\dds.scr => ":BDU" ADS could not remove.
C:\Users\Owner\Downloads\DriverSupport.exe => ":BDU" ADS removed successfully.
"C:\Users\Owner\Downloads\FRST64 (1).exe" => ":BDU" ADS not found.
"C:\Users\Owner\Downloads\FRST64.exe" => ":BDU" ADS not found.
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1146f77d-4ef7-11e3-be92-c8f7335b8b9f} => key removed successfully
HKLM\Software\Classes\CLSID\{1146f77d-4ef7-11e3-be92-c8f7335b8b9f} => key not found.
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e3a2858-7a1d-11e5-bee9-c8f7335b8b9f} => key removed successfully
HKLM\Software\Classes\CLSID\{2e3a2858-7a1d-11e5-bee9-c8f7335b8b9f} => key not found.
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ddd677d-e40f-11e3-bea4-c8f7335b8b9f} => key removed successfully
HKLM\Software\Classes\CLSID\{8ddd677d-e40f-11e3-bea4-c8f7335b8b9f} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37925FE6-6B4B-4039-8178-7CAE56787370} => key removed successfully
HKLM\Software\Classes\CLSID\{37925FE6-6B4B-4039-8178-7CAE56787370} => key not found.
HKU\S-1-5-21-3824779529-2921129160-1241652601-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key removed successfully
HKLM\Software\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully
HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30168164 B
Java, Flash, Steam htmlcache => 612 B
Windows/system/drivers => 715193402 B
Edge => 0 B
Chrome => 878092562 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 994064 B
NetworkService => 0 B
Owner => 465937752 B

RecycleBin => 62964403 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:37:11 ====
Old 06-18-2017, 10:46 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, aks4909. Well done!

You're very welcome. How is the machine behaving?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
Old 06-20-2017, 06:09 PM   #17
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



Here are the files you requested.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\PassShow\Uninstall.exe.vir a variant of Win32/AdWare.AddLyrics.AB application
C:\AdwCleaner\Quarantine\C\windows\System32\drivers\{7f6d153f-9819-4c98-96fb-5c6aa213f0ea}Gt.sys.vir a variant of Win64/BrowseFox.BO potentially unwanted application
C:\Users\Owner\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Owner\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/19/2017
Scan Time: 1:43 PM
Logfile: MBAMscan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2017.06.19.08
Rootkit Database: v0000.00.00.00
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300751
Time Elapsed: 24 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [3cd8a0a1aaff290d0a8612aace3337c9],
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [a272d46d911873c3d1bf615b0bf69070],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\css, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\html, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\html\popup, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\js, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\js\popup, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\newtab, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\_locales, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\_locales\en, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\_metadata, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],

Files: 37
PUP.Optional.DriverUpdate, C:\Users\Owner\Downloads\DriverUpdate-setup.exe, Quarantined, [6da73908189173c38dd74af58d739868],
PUP.Optional.InstallCore, C:\Users\Owner\Downloads\FlashPlayer_Updater (1).zip, Quarantined, [819375ccc2e7b6806491842914ede21e],
PUP.Optional.InstallCore, C:\Users\Owner\Downloads\FlashPlayer_Updater (2).zip, Quarantined, [fd17231e6e3bd06610e57e2f0df4ba46],
PUP.Optional.FlvDownloader, C:\Users\Owner\Downloads\FlashPlayer_Updater [1].exe, Quarantined, [6ba998a98920270f1e807d06659c21df],
PUP.Optional.InstallCore, C:\Users\Owner\Downloads\FlashPlayer_Updater.zip, Quarantined, [a074142d50598caac2333d70d32e25db],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\Chromium\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"] }}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindowsReplaced,[6ba972cfd3d68bab0ec2aaad61a2cf31]B8&uref=chmm"] }}), %5
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\background.js, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\icon.png, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\manifest.json, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\css\description.css, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\css\popup.css, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\html\popup\description.html, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\html\popup\popup.html, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\js\userNewTab.js, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\js\popup\popup.js, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\newtab\newtab.html, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\_locales\en\messages.json, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfgkmglngfjihijajckoidgoglmajan\1.7_0\_metadata\verified_contents.json, Quarantined, [63b15ee39b0e3afca80a6026b14f9f61],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"] }}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyD0Bzz0Bzy0C0BtDtC0BtN0D0Tzu0StCyDtAtCtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzytA0DyC0DtAtGyE0DtD0BtG0A0D0E0AtGyE0A0C0DtGyBzzzz0FtAtD0BtC0D0C0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0EzztD0E0A0EtCtGtCtB0FyCtGyE0DyEtAtGzyzytAzytGyC0A0ByCtBtAzy0CzytBzztA2QtN0A0LzutB%26cr%3D1315419536%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D6.2%26os%3DWindowsReplaced,[d53ff051466345f1aef11b3c44bf619f]B8","https://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-44c2de6f","https://www.google.com/"] },"sync":{}}), %5
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\HowToRemove.html, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\chromium-min.jpg, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\control panel-min-min.JPG, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\down.png, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\ff menu.JPG, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\ff search engine-min.png, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\hp-min ff.png, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\hp-min ie.png, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\search engine.gif, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\setup pages.gif, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\sp-min.png, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\start-min.jpg, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\HowToRemove\up.png, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\info.dat, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\install.log, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\lale, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\Sqlite3.dll, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],
PUP.Optional.WinYahoo, C:\Users\Owner\AppData\Local\{04CF3293-2067-5E2B-4DFF-7BC36997875B}\uninst.dat, Quarantined, [21f30e3379306ccaa13487cfb44f24dc],

Physical Sectors: 0
(No malicious items detected)


(end)
Old 06-20-2017, 08:37 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, aks4909. How is the machine behaving? Let me know and I will give you some final instructions.

---------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 06-21-2017, 02:07 PM   #19
Registered Member
 
Join Date: Nov 2005
Posts: 104
OS: win2000



Hello again, overall the machine seems to be better but still one issue. Not sure if it's a problem or not. On some sites like this one or yahoo, it seems the site is constantly updating or something. The little icon at the top in the tab that is associated with the site, in this site's case, is a little green circuit board. That flickers constantly and it causes my typing to be hesitant and delayed in some cases. It is flickering as we speak. Can you help with this? Thank you for all of your help to get me to this point. I really appreciate it.
Old 06-22-2017, 03:40 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Can you post a pic of the icon that flickers?