Yahoo! Mail Redirect

Old 07-12-2017, 11:40 AM   #1
Registered Member
 
Join Date: Oct 2012
Posts: 3
OS: Win10



I am posting this in General Computer Security because I don't believe my computer is infected with a virus.

What happens in Yahoo! Mail (and ONLY Yahoo! Mail) is random redirects from within mail messages to a website with the root domain of voluumtrk[dot]com. I have blocked voluumtrk in my Chrome browser, so it doesn't actually redirect, but just stops with the voluumtrk address in the address bar. I have run Malwarebytes and other anti-malware software, with no positive results.

I stress that this does not occur on any other website - only within Yahoo! Mail. My questions are: Do you believe my computer is infected? Why only in Yahoo! Mail?

Thanks.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18698
Run by Jim at 14:47:20 on 2017-07-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3063.1960 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\softOSD\softOSD.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\softLCP.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] c:\users\jim\appdata\local\google\update\1.3.33.5\GoogleUpdateCore.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [RIM PeerManager] "c:\program files\common files\research in motion\tunnel manager\PeerManager.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://b2b.partcommunity.com/FileService/FileLoader/cnsViewer3D/pwebdownloader.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://homehardware.en.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
TCP: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{068774ED-F678-49A3-A76D-C3791E89174A} : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{068774ED-F678-49A3-A76D-C3791E89174A}\36F6164697D277966696 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{068774ED-F678-49A3-A76D-C3791E89174A}\6494242554F405737353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1868FE3C-3C71-4767-86D2-B8EFD3224D01} : DHCPNameServer = 192.168.1.1 142.166.166.166
TCP: Interfaces\{5A055C85-11D2-49A3-9A85-08A92C8FCE41} : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{60DCE16F-4FD5-407A-8030-3C74D5F76F76} : DHCPNameServer = 192.168.2.1 142.166.166.166
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\59.0.3071.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2016-8-25 252808]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2015-10-12 16016]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2013-5-14 16176]
R1 MpKsl204e7644;MpKsl204e7644;c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\MpKsl204e7644.sys [2017-7-12 39168]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe [2013-5-14 81920]
R2 DraftSight API Service;DraftSight API Service;c:\program files\dassault systemes\draftsight\bin\dsHttpApiService.exe [2017-4-13 92160]
R2 FoxitReaderService;Foxit Reader Service;c:\program files\foxit software\foxit reader\FoxitConnectedPDFService.exe [2017-7-11 1659456]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2013-5-14 60928]
R2 ReflectService.exe;Macrium Reflect Utility Service;c:\program files\macrium\reflect\ReflectService.exe [2016-9-7 3024704]
R2 RIM MDNS;RIM MDNS;c:\program files\common files\research in motion\tunnel manager\mDNSResponder.exe [2015-5-26 396024]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\common files\research in motion\tunnel manager\tunmgr.exe [2015-5-26 1355000]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-12-6 1229528]
R2 softOSD;softOSD;c:\program files\softosd\softOSD.exe [2010-2-24 288824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-7-31 413128]
R2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe [2013-10-11 29184]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2013-5-14 41648]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2014-10-31 588024]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\drivers\blackberryncm6.sys [2016-4-6 32776]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2015-6-17 52368]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2015-6-17 20240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2015-3-4 105696]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2016-11-14 280864]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis6.sys [2015-5-26 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2015-11-12 143144]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-12-6 662232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-9-20 324224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CorelCreatorMessages;CorelCreatorMessages;c:\windows\system32\CorelCreatorMessages.exe [2012-4-25 73728]
S3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2015-11-12 143144]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys [2015-9-11 22192]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2017-6-14 104960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-17 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2016-6-3 27192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-13 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-5-17 27136]
S3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-5-14 15872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-5-14 1343400]
S4 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe [2017-6-26 42824]
S4 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\windows\system32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="c:\windows\system32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="c:\windows\system32\NOTEPAD.EXE" %1
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2017-07-12 17:02:02 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\offreg.916.dll
2017-07-12 17:00:39 39168 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\MpKsl204e7644.sys
2017-07-12 16:59:17 10685920 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{888b3cb8-603a-47d3-ac5f-500030047107}\mpengine.dll
2017-07-11 17:27:46 10685920 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2017-07-11 13:00:57 -------- d-----w- C:\NPE
2017-07-11 12:55:09 -------- d-----w- c:\users\jim\appdata\local\NPE
2017-07-11 12:55:09 -------- d-----w- c:\programdata\Norton
2017-07-07 13:48:56 323808 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2017-07-05 13:37:46 -------- d-----w- c:\program files\common files\Macrovision Shared
2017-07-05 13:37:07 -------- d-----w- c:\programdata\Dassault Systemes
2017-06-26 10:27:10 42824 ----a-w- c:\windows\system32\DbxSvc.exe
2017-06-26 10:27:10 35408 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2017-06-26 10:27:10 35408 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2017-06-26 10:27:10 35408 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2017-06-21 11:02:35 -------- d-----w- c:\users\jim\appdata\local\FileZilla
2017-06-20 18:23:57 -------- d-----w- c:\users\jim\AutoSave
2017-06-14 16:03:51 -------- d-----w- c:\programdata\HitmanPro
2017-06-14 13:42:30 -------- d-----w- c:\programdata\Sophos
2017-06-14 11:14:42 987648 ----a-w- c:\windows\system32\aeinv.dll
2017-06-14 11:14:42 182784 ----a-w- c:\windows\system32\aepic.dll
2017-06-14 11:14:42 1602048 ----a-w- c:\windows\system32\aitstatic.exe
2017-06-14 11:14:42 1327616 ----a-w- c:\windows\system32\appraiser.dll
2017-06-14 11:14:41 81640 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-06-14 11:14:41 505856 ----a-w- c:\windows\system32\generaltel.dll
2017-06-14 11:14:41 446464 ----a-w- c:\windows\system32\devinv.dll
2017-06-14 11:14:41 275456 ----a-w- c:\windows\system32\invagent.dll
2017-06-14 11:14:41 236032 ----a-w- c:\windows\system32\centel.dll
2017-06-14 11:14:41 104960 ----a-w- c:\windows\system32\acmigration.dll
2017-06-13 14:51:06 -------- d-----w- C:\KVRT_Data
2017-06-13 00:10:24 -------- d-----w- c:\users\jim\appdata\roaming\Panda Security
2017-06-13 00:09:50 -------- d-----w- c:\program files\Panda Security
2017-06-13 00:07:51 -------- d-----w- c:\programdata\Panda Security
.
==================== Find3M ====================
.
2017-06-02 08:09:56 1549824 ----a-w- c:\windows\system32\tquery.dll
2017-06-02 08:09:50 666624 ----a-w- c:\windows\system32\mssvp.dll
2017-06-02 08:09:50 59392 ----a-w- c:\windows\system32\msscntrs.dll
2017-06-02 08:09:50 34816 ----a-w- c:\windows\system32\mssprxy.dll
2017-06-02 08:09:50 337408 ----a-w- c:\windows\system32\mssph.dll
2017-06-02 08:09:50 197120 ----a-w- c:\windows\system32\mssphtb.dll
2017-06-02 08:09:50 1400320 ----a-w- c:\windows\system32\mssrch.dll
2017-06-02 08:09:50 104448 ----a-w- c:\windows\system32\mssitlb.dll
2017-06-02 07:58:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-06-02 07:58:23 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-06-02 07:57:49 497152 ----a-w- c:\windows\HelpPane.exe
2017-06-02 07:57:42 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-06-02 07:57:31 9728 ----a-w- c:\windows\system32\msshooks.dll
2017-05-30 20:45:48 456360 ------w- c:\windows\system32\MpSigStub.exe
2017-05-21 04:10:13 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-05-21 04:10:13 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-05-21 03:46:34 50176 ----a-w- c:\windows\system32\auditpol.exe
2017-05-21 03:43:01 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-05-21 03:42:58 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-05-21 03:42:53 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-05-21 03:42:24 36352 ----a-w- c:\windows\system32\cryptbase.dll
2017-05-21 03:42:23 22016 ----a-w- c:\windows\system32\lsass.exe
2017-05-21 03:42:22 15872 ----a-w- c:\windows\system32\sspisrv.dll
2017-05-14 19:37:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2017-05-14 19:37:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2017-05-14 19:23:12 62464 ----a-w- c:\windows\system32\iesetup.dll
2017-05-14 19:22:36 499200 ----a-w- c:\windows\system32\vbscript.dll
2017-05-14 19:22:26 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2017-05-14 19:22:10 341504 ----a-w- c:\windows\system32\html.iec
2017-05-14 19:21:04 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2017-05-14 19:11:09 104960 ----a-w- c:\windows\system32\ieetwcollector.exe
2017-05-14 19:11:03 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2017-05-14 19:10:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2017-05-14 19:05:10 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2017-05-14 18:57:57 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2017-05-14 18:57:09 73216 ----a-w- c:\windows\system32\tdc.ocx
2017-05-14 18:44:07 4549120 ----a-w- c:\windows\system32\jscript9.dll
2017-05-14 18:39:09 2057216 ----a-w- c:\windows\system32\inetcpl.cpl
2017-05-14 18:38:51 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2017-05-14 18:15:06 2767872 ----a-w- c:\windows\system32\wininet.dll
2017-05-12 18:07:05 4001000 ----a-w- c:\windows\system32\ntkrnlpa.exe
2017-05-12 18:07:05 3945704 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-05-12 18:07:02 308456 ----a-w- c:\windows\system32\atmfd.dll
2017-05-12 18:04:46 1310528 ----a-w- c:\windows\system32\ntdll.dll
2017-05-12 18:03:19 629760 ----a-w- c:\windows\system32\usp10.dll
2017-05-12 18:03:18 43008 ----a-w- c:\windows\system32\srclient.dll
2017-05-12 18:03:18 400896 ----a-w- c:\windows\system32\srcore.dll
2017-05-12 18:03:16 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2017-05-12 18:03:08 26112 ----a-w- c:\windows\system32\lpk.dll
2017-05-12 18:03:07 306688 ----a-w- c:\windows\system32\gdi32.dll
2017-05-12 18:03:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2017-05-12 18:03:05 38912 ----a-w- c:\windows\system32\csrsrv.dll
2017-05-12 18:03:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2017-05-12 18:03:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2017-05-12 18:03:03 644096 ----a-w- c:\windows\system32\advapi32.dll
2017-05-12 18:03:03 50688 ----a-w- c:\windows\system32\appidapi.dll
2017-05-12 17:45:39 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2017-05-12 17:45:37 29696 ----a-w- c:\windows\system32\appidsvc.dll
2017-05-12 17:45:37 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2017-05-12 17:45:36 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2017-05-12 17:44:14 2401792 ----a-w- c:\windows\system32\win32k.sys
2017-05-12 17:43:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2017-05-12 17:43:23 262656 ----a-w- c:\windows\system32\rstrui.exe
2017-05-12 17:41:01 69632 ----a-w- c:\windows\system32\smss.exe
2017-05-12 16:25:40 909824 ----a-w- c:\windows\system32\FntCache.dll
2017-05-12 16:25:40 1251328 ----a-w- c:\windows\system32\DWrite.dll
2017-05-10 15:16:55 91368 ----a-w- c:\windows\system32\MigAutoPlay.exe
2017-05-10 15:12:50 2953216 ----a-w- c:\windows\system32\wucltux.dll
2017-05-10 15:12:50 174080 ----a-w- c:\windows\system32\wuwebv.dll
2017-05-10 15:12:38 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-05-10 15:10:22 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-05-10 15:00:46 35328 ----a-w- c:\windows\system32\wuapp.exe
2017-05-10 15:00:26 93696 ----a-w- c:\windows\system32\wudriver.dll
2017-05-10 15:00:23 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2017-05-10 14:47:49 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-05-09 15:11:32 497664 ----a-w- c:\windows\system32\win32spl.dll
2017-05-09 15:11:21 779776 ----a-w- c:\windows\system32\localspl.dll
2017-05-09 15:01:55 66048 ----a-w- c:\windows\system32\PrintBrmUi.exe
2017-05-09 15:01:14 29696 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2017-05-07 15:14:32 78568 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2017-05-07 14:53:42 10752 ----a-w- c:\windows\system32\msmmsp.dll
2017-04-27 22:50:10 3550208 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-04-21 15:15:28 805376 ----a-w- c:\windows\system32\cdosys.dll
2017-04-17 14:54:48 7168 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 14:51:40 271360 ----a-w- c:\windows\system32\conhost.exe
2017-04-17 14:48:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-17 14:48:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-17 14:48:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-17 14:48:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-17 14:44:37 11184128 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 14:50:19.23 ===============
jcoady is offline  
Old 07-12-2017, 11:47 AM   #2
Team Manager
Microsoft Support
 
Join Date: Mar 2010
Location: Midlands of South Carolina
Posts: 26,031
OS: Windows10. In the past CP/M, DOS, Windows 95, 2000, 98SE, ME, Vista & Windows 7


Even though you don't think it's a virus, I'm moving it to that forum as per TSF policy.
__________________

The stability of an OS is in direct proportion to the stability of the user.
Corday is offline  
Old 07-12-2017, 12:20 PM   #3
Registered Member
 
Join Date: Oct 2012
Posts: 3
OS: Win10



Thanks. The virus thread was marked as closed, and I could not post in it.
jcoady is offline  