
HiJackThis Error Message that got transferred to my new computer


  • This topic is locked
25 replies to this topic

#1 TheFog

TheFog

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 31 January 2016 - 06:57 PM

Hi, so before I received my new computer last year, I wanted to go on HJT just for a checkup to see if my PC was doing OK. Well, I got this message:

 

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.


If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

And press Enter. Find the line(s) Hijack This reports and delete them. Save the file as ‘hosts’. (with quotes), and reboot."

 

After I bought my new computer, I asked the Geek Squad to transfer my old hard drive from my last computer into my new computer's hard drive. I tried HJT again and I still received the same message, so there's a possibility that some malware/virus/keylogger got transferred to my new PC; I'm not so sure, but I'd like to find out. Also, I've had the Command Prompt window pop up and disappear suddenly at random times on both the old and new computer, and I'd like to sort that out. Another observation I've made with the new computer is that I've seen the mouse and hourglass sign show up at the same time really randomly even though I'm not active on the computer, and I've also seen my current window become deselected on its own (the bar even changes colors as if you clicked on another window even though you didn't switch to another window). I appreciate any help given :)

 

Here's my HiJackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:53:58 PM, on 1/31/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
 
FIREFOX: 38.0.1 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Rodriguez\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodriguez\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B94C0B45D136EC85A8352C8C4CD34145] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\windows\SysWOW64\tbaseprovisioning.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 
--
End of file - 13301 bytes

Edited by TheFog, 31 January 2016 - 06:59 PM.
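A worked check for the hosts-file warning quoted in the post above, added here as an example; it is not code from the thread or from HijackThis. It does two things the HJT message leaves to the user: it tests whether the current process can actually open C:\Windows\System32\drivers\etc\hosts for writing (that is what "denied write access" means, and on Windows it usually comes down to the tool not running elevated or a security product guarding the file), and it parses the active mappings so a hijacked entry stands out from the stock loopback lines and ad-blocker entries. SAMPLE_HOSTS is constructed input, and WATCH_DOMAINS is an assumed list for the example, not anything taken from the thread.

```python
"""Hosts-file triage for the HijackThis "denied write access" warning.

Added example, not part of the forum thread or of HijackThis. SAMPLE_HOSTS is
constructed input; WATCH_DOMAINS is an assumed list of domains whose sinkholing
or redirection is a classic hijack sign, not something taken from the thread.
"""
import ipaddress
import os
from dataclasses import dataclass
from typing import List, Optional

# Path quoted in the HJT message.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Assumption for the example: domains an attacker sinkholes (to block updates
# and AV) or redirects (to phish). Extend for your environment.
WATCH_DOMAINS = ("microsoft.com", "windowsupdate.com", "kaspersky.com",
                 "malwarebytes.org", "bleepingcomputer.com")

# Constructed sample input, not the poster's real hosts file.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
#
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1       localhost
::1             ip6-localhost
0.0.0.0         ads.example.net        # ad-blocker style entry, benign
127.0.0.1       www.kaspersky.com      # AV site sinkholed: classic hijack
198.51.100.23   www.microsoft.com update.microsoft.com  # redirected off-box
not-an-ip       garbage
"""


@dataclass
class HostsEntry:
    lineno: int
    ip: str
    names: List[str]


@dataclass
class Finding:
    entry: HostsEntry
    reason: str


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse 'IP name [name ...] [# comment]' lines; skip comments and bad IPs."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, not a mapping
        entries.append(HostsEntry(lineno, parts[0], [n.lower() for n in parts[1:]]))
    return entries


def flag_suspicious(entries: List[HostsEntry]) -> List[Finding]:
    """Flag watched domains sent to loopback/0.0.0.0 and any name sent off-box."""
    findings = []
    for e in entries:
        addr = ipaddress.ip_address(e.ip)
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in e.names:
            watched = any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS)
            if sinkhole:
                # Stock localhost lines and ad-blocker entries stay quiet; a watched
                # domain pointed at the box itself is the update/AV-blocking pattern.
                if watched:
                    findings.append(Finding(e, f"{name} sinkholed to {e.ip} (blocks updates/AV)"))
            else:
                reason = f"{name} redirected to {e.ip}"
                if watched:
                    reason = "watched domain " + reason
                findings.append(Finding(e, reason))
    return findings


def write_access(path: str = HOSTS_PATH) -> Optional[bool]:
    """True/False if this process can open the file read-write; None if absent.

    os.access(W_OK) on Windows only reflects the read-only attribute, not the ACL,
    so actually open the file. Opening with r+b does not modify it.
    """
    if not os.path.exists(path):
        return None
    try:
        with open(path, "r+b"):
            return True
    except PermissionError:
        return False


def triage(text: str) -> List[Finding]:
    return flag_suspicious(parse_hosts(text))


if __name__ == "__main__":
    print("hosts writable by this process:", write_access())
    for f in triage(SAMPLE_HOSTS):
        print(f"line {f.entry.lineno}: {f.reason}")
```

On the machine itself, run it from an elevated prompt and feed the real file with triage(open(HOSTS_PATH, encoding="utf-8", errors="replace").read()). If write_access() is still False while elevated, something other than UAC is holding the file (a security product's self-protection, or a read-only/ACL change), and that is worth checking before editing the file by hand as the HJT message suggests.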




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:02 PM

Posted 01 February 2016 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and is not ready for current operating systems.
I suggest you remove it via the Control Panel > Programs and Features applet.
Use the Farbar tool from now on to report problems.

Run the suggested programs and post the logs for my review.
Let me know what problems you are having with this computer.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Wait for further instructions.
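The post above asks for the tool logs so they can be reviewed. To show what that review looks at, here is an added example (not the thread's own code, and not part of HijackThis or FRST) that applies three reviewer heuristics to the O4 (autorun) and O23 (service) lines of the HijackThis log posted earlier in the thread: where the binary lives, whether a publisher is reported, and whether a "(file missing)" under System32 is real or just the 32-bit tool being redirected into SysWOW64 by WOW64, which is one reason HJT gives unreliable results on 64-bit Windows. SAMPLE_LOG is a constructed subset of the posted log, and the tags are review prompts, not findings that anything in the thread is malicious.

```python
"""Triage of O4 (autorun) and O23 (service) lines from a HijackThis-format log.

Added example, not part of the thread or of HijackThis/FRST. SAMPLE_LOG is a
constructed subset of the log posted in the thread; the tags are review
prompts, not a verdict that any entry in the thread is malicious.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodriguez\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
"""

# HJT line shapes: "O4 - <hive>\..\<key>: [<name>] <command>" and
# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
VENDOR_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("%localappdata%", "%appdata%", "%temp%", "%tmp%", "c:\\users\\", "c:\\programdata\\")


@dataclass
class Finding:
    line: str
    tags: List[str]


def exe_from_command(cmd: str) -> str:
    """Pull the image path out of a Run value: quoted path, or up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def classify_path(path: str) -> List[str]:
    """Where does the binary live? Persistence from user-writable or odd folders gets a tag."""
    p = path.lower().replace("/", "\\")
    if p.startswith(USER_WRITABLE) or "\\appdata\\" in p:
        return ["runs from a user-writable location"]
    if p.startswith("c:\\windows\\") and not p.startswith(SYSTEM_DIRS):
        return ["non-standard folder under \\Windows"]
    if not p.startswith(VENDOR_DIRS + ("c:\\windows\\",)):
        return ["unexpected install location"]
    return []


def triage(log: str) -> List[Finding]:
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            tags = classify_path(exe_from_command(m.group("cmd")))
            if tags:
                findings.append(Finding(line, tags))
            continue
        m = SVC_RE.match(line)
        if not m:
            continue
        path, owner, missing = m.group("path"), m.group("owner"), bool(m.group("missing"))
        tags = classify_path(path)
        in_system = path.lower().startswith(SYSTEM_DIRS)
        if missing and in_system and owner == "Unknown owner":
            # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64 by WOW64 and
            # cannot see the real System32 binaries, so this pattern is expected noise.
            tags.append("likely WOW64 redirection artifact, confirm with a 64-bit tool")
        elif owner == "Unknown owner":
            tags.append("no publisher reported")
        if missing and not in_system:
            tags.append("service binary missing")
        if tags:
            findings.append(Finding(line, tags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line}\n    -> {', '.join(f.tags)}")
```

The FRST output requested above uses a different line shape (for example HKLM\...\Run: [name] => path [size date] (Publisher)), so the two regexes would need adjusting for it; the path and publisher heuristics carry over unchanged, and FRST, being a 64-bit-aware tool, does not produce the WOW64 "(file missing)" noise in the first place.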

#3 TheFog

TheFog
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 02 February 2016 - 08:51 AM

MALWAREBYTES LOG (9 Non-Malware Detections but that was it):

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2/2/2016
Scan Time: 7:06 AM
Logfile: malware bytes 2-2-16 scan.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.02.02.02
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Rodriguez
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368598
Time Elapsed: 43 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ADWCLEANER LOG:
 
# AdwCleaner v5.032 - Logfile created 02/02/2016 at 08:13:21
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Rodriguez - RODRIGUEZ-PC
# Running from : C:\Users\Rodriguez\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB
[-] Folder Deleted : C:\Program Files (x86)\TweakBit
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[-] Folder Deleted : C:\Users\Rodriguez\AppData\Local\pokki
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File Deleted : C:\Users\Rodriguez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKCU\Software\Pokki
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[!] Key Not Deleted : HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Pokki
[!] Key Not Deleted : HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
[!] Value Not Deleted : HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
[-] Value Deleted : HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Key Deleted : HKCU\Software\Classes\pokki
[!] Key Not Deleted : HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Classes\pokki
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2278 bytes] ##########
 
 
FARBAR FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Rodriguez (administrator) on RODRIGUEZ-PC (02-02-2016 08:27:22)
Running from C:\Users\Rodriguez\Downloads
Loaded Profiles: Rodriguez (Available Profiles: Rodriguez)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Embedded Callback - easytechsupport.staples.com] => C:\ProgramData\bomgar-scc-cb\easytechsupport.staples.com\embedhook-x86.exe [8192 2015-04-20] (#COMPANY                                                                                                                                                                                                                                                       )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\...\Run: [Google Update] => C:\Users\Rodriguez\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-02] (Google Inc.)
HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\...\Run: [GoogleChromeAutoLaunch_B94C0B45D136EC85A8352C8C4CD34145] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-27] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 72.45.32.147 72.45.32.148
Tcpip\..\Interfaces\{4C475C0D-9EFE-41F9-8DAB-5F928762F342}: [DhcpNameServer] 72.45.32.147 72.45.32.148
Tcpip\..\Interfaces\{706428F0-D7A1-4F64-B53B-FC7EA8C8A4CD}: [DhcpNameServer] 12.127.17.77 216.57.130.1 12.127.16.77 216.57.128.2 12.127.16.68
 
Internet Explorer:
==================
HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002 -> {76265E35-6166-4B5A-8F60-221CC72A597A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-05] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Rodriguez\AppData\Roaming\Mozilla\Firefox\Profiles\c50glrnz.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1363175399-1600664838-2004784281-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rodriguez\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1363175399-1600664838-2004784281-1002: @talk.google.com/O1DPlugin -> C:\Users\Rodriguez\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1363175399-1600664838-2004784281-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Rodriguez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1363175399-1600664838-2004784281-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Rodriguez\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Rodriguez\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rodriguez\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-05]
 
Chrome: 
=======
CHR Profile: C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-09]
CHR Extension: (Google Sheets) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Google Hangouts) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Rodriguez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-05] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-29] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-29] (Qualcomm Atheros)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-05] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-05] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-05] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-05] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 08:27 - 2016-02-02 08:29 - 00023520 _____ C:\Users\Rodriguez\Downloads\FRST.txt
2016-02-02 08:26 - 2016-02-02 08:27 - 00000000 ____D C:\FRST
2016-02-02 08:26 - 2016-02-02 08:26 - 02370560 _____ (Farbar) C:\Users\Rodriguez\Downloads\FRST64.exe
2016-02-02 08:19 - 2016-02-02 08:19 - 00002357 _____ C:\Users\Rodriguez\Desktop\AdwCleaner[C1].txt
2016-02-02 08:18 - 2015-04-20 05:29 - 00030208 _____ (#COMPANY ) C:\Users\Rodriguez\AppData\Local\Z@H!-286292098352633193258-64.tmp
2016-02-02 08:18 - 2015-04-20 05:29 - 00025088 _____ (#COMPANY ) C:\Users\Rodriguez\AppData\Local\Z@H!-286292098352633193258-32.tmp
2016-02-02 07:57 - 2016-02-02 08:13 - 00000000 ____D C:\AdwCleaner
2016-02-02 07:56 - 2016-02-02 07:56 - 01508352 _____ C:\Users\Rodriguez\Downloads\AdwCleaner.exe
2016-02-02 07:47 - 2016-02-02 07:47 - 00002518 _____ C:\Users\Rodriguez\Desktop\malware bytes 2-2-16 protection log.txt
2016-02-02 07:46 - 2016-02-02 07:46 - 00001063 _____ C:\Users\Rodriguez\Desktop\malware bytes 2-2-16 scan.txt
2016-02-01 23:51 - 2016-02-02 08:19 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-01 23:49 - 2016-02-01 23:49 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-01 23:49 - 2016-02-01 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-01 23:49 - 2016-02-01 23:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-01 23:49 - 2016-02-01 23:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-01 23:49 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-01 23:49 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-01 23:49 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-01 23:46 - 2016-02-01 23:46 - 22908888 _____ (Malwarebytes ) C:\Users\Rodriguez\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-31 18:10 - 2016-01-31 18:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rodriguez\Downloads\HijackThis.exe
2016-01-31 17:59 - 2016-02-02 08:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-14 23:49 - 2016-02-01 23:28 - 00095744 ___SH C:\Users\Rodriguez\Downloads\Thumbs.db
2016-01-12 18:02 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-12 18:02 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-12 18:02 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-12 18:02 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-12 18:02 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-12 18:02 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-12 18:02 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-12 18:02 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-01-12 18:02 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-12 18:02 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-12 18:02 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-12 18:02 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-12 18:02 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-01-12 18:02 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-12 18:02 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-12 18:02 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-12 18:02 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-12 18:02 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-12 18:02 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-12 18:02 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-12 18:02 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-12 18:01 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-12 18:01 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-12 18:01 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-12 18:01 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-12 18:00 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-12 18:00 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-12 18:00 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-12 18:00 - 2015-12-09 19:40 - 00033456 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-12 18:00 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 01798480 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-12 18:00 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-12 18:00 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-12 18:00 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-12 18:00 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-01-12 18:00 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-01-12 18:00 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-12 18:00 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2016-01-12 18:00 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-12 18:00 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-01-12 18:00 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-12 18:00 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2016-01-12 18:00 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-12 18:00 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-12 18:00 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-12 18:00 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-12 18:00 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-12 18:00 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-12 18:00 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-12 18:00 - 2015-12-03 12:58 - 00378880 ____C (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-12 18:00 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-01-12 18:00 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-12 18:00 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-12 18:00 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-12 18:00 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-12 18:00 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-12 18:00 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 18:00 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-12 18:00 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-01-12 18:00 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-12 18:00 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-12 18:00 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-12 18:00 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 18:00 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-12 18:00 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-12 18:00 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 18:00 - 2015-11-17 16:07 - 01380864 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-12 18:00 - 2015-11-17 16:07 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-12 18:00 - 2015-11-17 16:07 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-12 18:00 - 2015-11-17 16:07 - 00705024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-12 18:00 - 2015-11-17 16:07 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-12 18:00 - 2015-11-17 16:07 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-12 18:00 - 2015-11-17 16:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 08:29 - 2014-08-16 16:03 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-02-02 08:22 - 2015-04-19 04:21 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1363175399-1600664838-2004784281-1002
2016-02-02 08:20 - 2015-04-20 04:19 - 00003758 _____ C:\windows\System32\Tasks\AutoKMS
2016-02-02 08:20 - 2015-04-19 04:49 - 00003958 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{BAD21C42-FC58-4A96-BD15-5F30E87789FE}
2016-02-02 08:19 - 2015-06-02 09:50 - 00000950 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1363175399-1600664838-2004784281-1002UA.job
2016-02-02 08:19 - 2015-04-27 23:40 - 00000000 ___DO C:\Users\Rodriguez\OneDrive
2016-02-02 08:18 - 2015-04-24 14:01 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-02 08:18 - 2015-04-19 04:59 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 08:18 - 2014-08-16 15:37 - 04353868 _____ C:\windows\SysWOW64\rootpa.e2e
2016-02-02 08:17 - 2015-04-19 07:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-02 08:17 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-02 08:16 - 2015-04-19 04:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-02 08:16 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-02-02 08:13 - 2014-08-16 15:46 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-02-02 07:38 - 2015-04-19 04:59 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 01:33 - 2015-04-19 04:59 - 00003904 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 01:33 - 2015-04-19 04:59 - 00003668 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 01:19 - 2015-06-02 09:50 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1363175399-1600664838-2004784281-1002Core.job
2016-02-01 23:50 - 2015-08-05 09:51 - 00069120 ___SH C:\Users\Rodriguez\Desktop\Thumbs.db
2016-02-01 20:02 - 2015-04-19 04:14 - 00000000 ____D C:\Users\Rodriguez
2016-01-31 18:11 - 2015-04-19 04:15 - 00000000 ____D C:\Users\Rodriguez\AppData\Local\VirtualStore
2016-01-28 22:37 - 2015-04-19 05:00 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 22:37 - 2015-04-19 05:00 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-26 00:23 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-26 00:23 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2016-01-18 01:06 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2016-01-17 22:33 - 2014-03-18 04:53 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-17 22:33 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf
2016-01-17 22:22 - 2015-04-24 00:50 - 00000000 ____D C:\windows\system32\appraiser
2016-01-17 22:22 - 2015-04-24 00:47 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-17 22:21 - 2015-04-29 19:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-17 22:18 - 2015-04-19 05:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-17 22:18 - 2015-04-19 05:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 00:53 - 2015-04-19 05:31 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 00:53 - 2015-04-19 05:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-12 22:42 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2016-01-12 22:41 - 2015-04-19 05:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-12 22:40 - 2015-04-19 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 22:32 - 2013-08-22 08:25 - 00000262 _____ C:\windows\win.ini
2016-01-12 22:25 - 2015-04-22 05:52 - 00000000 ____D C:\windows\system32\MRT
2016-01-12 22:18 - 2015-04-22 05:52 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-05 15:04 - 2013-08-22 10:38 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 15:04 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-04-19 04:15 - 2015-04-19 04:15 - 0000193 _____ () C:\Users\Rodriguez\AppData\Local\RegisteredPackageInformation.xml
2016-02-02 08:18 - 2015-04-20 05:29 - 0025088 _____ (#COMPANY                                                                                                                                                                                                                                                       ) C:\Users\Rodriguez\AppData\Local\Z@H!-286292098352633193258-32.tmp
2016-02-02 08:18 - 2015-04-20 05:29 - 0030208 _____ (#COMPANY                                                                                                                                                                                                                                                       ) C:\Users\Rodriguez\AppData\Local\Z@H!-286292098352633193258-64.tmp
2015-08-23 22:03 - 2015-08-23 22:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-16 15:35 - 2014-08-16 15:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Rodriguez\AppData\Local\Temp\driver-updater-setup.exe
C:\Users\Rodriguez\AppData\Local\Temp\MegaBackup.exe
C:\Users\Rodriguez\AppData\Local\Temp\pc-status-monitor-setup.exe
C:\Users\Rodriguez\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-02 08:06
 
==================== End of FRST.txt ============================
 
FARBAR Addition.txt file is attached to the post.
 


#4 nasdaq
  • Malware Response Team

Posted 02 February 2016 - 10:02 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShortcutWithArgument: C:\Users\Public\Desktop\Staples EasyTech Remote Support.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) ->  /c C:\ProgramData\bomgar-scc-cb\easytechsupport.staples.com\start.bat
HKLM\...\Run: [Embedded Callback - easytechsupport.staples.com] => C:\ProgramData\bomgar-scc-cb\easytechsupport.staples.com\embedhook-x86.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002 -> {76265E35-6166-4B5A-8F60-221CC72A597A} URL =
CustomCLSID: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Rodriguez\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {AEDD16D0-04CB-4038-BAF1-F7D61A08CC98} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2015-04-20] ()
C:\windows\AutoKMS
C:\ProgramData\bomgar-scc-cb

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Please post the log and let me know what problem persists.
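The entries nasdaq picked out for the fixlist above were chosen by eye from the FRST listing posted earlier. As an added example that is not part of this thread and not FRST's own code, the following Python parses lines in the format FRST uses for its file listings and tags entries worth a second look; the heuristics (system+hidden files, placeholder publishers, unusual extensions under System32/SysWOW64) are my own assumptions, and the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# FRST lists each file as:  <modified> - <created> - <size> <attrs> [(<publisher>)] <path>
# The publisher field may be space-padded, as in the Z@H! .tmp entries in the log above.
LINE_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$")
PE_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr"}
# Extensions commonly seen under System32/SysWOW64 (my assumption); anything else is a prompt to look.
SYS_EXT = PE_EXT | {".ini", ".dat", ".log", ".xml", ".mui", ".nls", ".cat", ".inf", ".job"}
SYS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def parse_line(line):
    """Return a dict for one FRST file line, or None if the line is something else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"modified": datetime.strptime(m["mod"], "%Y-%m-%d %H:%M"),
            "created": datetime.strptime(m["cre"], "%Y-%m-%d %H:%M"), "size": int(m["size"]),
            "attrs": set(m["attrs"].replace("_", "")),       # e.g. {"S", "H"} for ___SH
            "publisher": (m["pub"] or "").strip() or None,   # "#COMPANY   " -> "#COMPANY"
            "path": m["path"]}

def review_reasons(e):
    """Heuristic prompts for a human reviewer; legitimate system files can trip them too."""
    low = e["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    is_file = "D" not in e["attrs"]
    reasons = []
    if is_file and {"S", "H"} <= e["attrs"]:
        reasons.append("system+hidden file")
    if ext in PE_EXT | {".tmp"} and (e["publisher"] or "#").startswith("#"):
        reasons.append("missing or placeholder publisher")
    if is_file and low.startswith(SYS_DIRS) and ext not in SYS_EXT:
        reasons.append("uncommon extension in a system directory")
    return reasons

def triage(log_text):
    """Map each flagged path to its reasons, over a whole FRST log excerpt."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return {e["path"]: r for e in entries if (r := review_reasons(e))}

# Sample lines copied from the log posted earlier in this thread (publisher padding shortened).
SAMPLE = """\
2016-02-02 08:18 - 2014-08-16 15:37 - 04353868 _____ C:\\windows\\SysWOW64\\rootpa.e2e
2016-02-02 08:16 - 2013-08-22 08:25 - 00262144 ___SH C:\\windows\\system32\\config\\BBI
2016-01-12 22:18 - 2015-04-22 05:52 - 143671360 _____ (Microsoft Corporation) C:\\windows\\system32\\MRT.exe
2016-02-02 08:18 - 2015-04-20 05:29 - 0025088 _____ (#COMPANY      ) C:\\Users\\Rodriguez\\AppData\\Local\\Z@H!-286292098352633193258-32.tmp
"""
```

The flags are prompts for review, not verdicts: a known-good system file can trip them too, so they narrow what a reviewer reads rather than decide what a fixlist removes.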

#5 TheFog
  • Topic Starter

Posted 02 February 2016 - 08:03 PM

fixlog.txt LOG:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Rodriguez (2016-02-02 10:30:17) Run:1
Running from C:\Users\Rodriguez\Downloads
Loaded Profiles: Rodriguez (Available Profiles: Rodriguez)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShortcutWithArgument: C:\Users\Public\Desktop\Staples EasyTech Remote Support.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) ->  /c C:\ProgramData\bomgar-scc-cb\easytechsupport.staples.com\start.bat
HKLM\...\Run: [Embedded Callback - easytechsupport.staples.com] => C:\ProgramData\bomgar-scc-cb\easytechsupport.staples.com\embedhook-x86.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002 -> {76265E35-6166-4B5A-8F60-221CC72A597A} URL =
CustomCLSID: HKU\S-1-5-21-1363175399-1600664838-2004784281-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Rodriguez\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {AEDD16D0-04CB-4038-BAF1-F7D61A08CC98} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2015-04-20] ()
C:\windows\AutoKMS
C:\ProgramData\bomgar-scc-cb
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Public\Desktop\Staples EasyTech Remote Support.lnk => Shortcut argument removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Embedded Callback - easytechsupport.staples.com => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-1363175399-1600664838-2004784281-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76265E35-6166-4B5A-8F60-221CC72A597A}" => key removed successfully
HKCR\CLSID\{76265E35-6166-4B5A-8F60-221CC72A597A} => key not found. 
"HKU\S-1-5-21-1363175399-1600664838-2004784281-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AEDD16D0-04CB-4038-BAF1-F7D61A08CC98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEDD16D0-04CB-4038-BAF1-F7D61A08CC98}" => key removed successfully
C:\windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\windows\AutoKMS => moved successfully
C:\ProgramData\bomgar-scc-cb => moved successfully
EmptyTemp: => 5.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:32:11 ====
 
No issues at the moment but if there are in the future I will update you.


#6 nasdaq
  • Malware Response Team

Posted 03 February 2016 - 09:35 AM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices and keeping safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 TheFog
  • Topic Starter

Posted 03 February 2016 - 10:07 AM

I'm still noticing that my current window becomes de-selected on its own (the bar on the window goes lighter) but it doesn't switch to another window; it just gets deselected and then the bar turns back to normal as if it is the current window again, while I'm not active on the computer. Do you know why that could be happening?



#8 nasdaq
  • Malware Response Team

Posted 03 February 2016 - 10:11 AM

Which browser are you using?

Just check this topic.
http://www.tomshardware.com/forum/70295-63-every-minues-lose-focus-application

Edited by nasdaq, 03 February 2016 - 10:13 AM.


#9 TheFog
  • Topic Starter

Posted 03 February 2016 - 09:52 PM

No, it's not like that topic. First, I'm not even on a browser when this happens. I would be on Windows Photo Viewer and there'll be a current window open of a picture. The bar on top of the picture goes to gray and then back to blue; it doesn't even switch to another window. It's really weird because it's deselecting the window by itself but it's not even switching to another window; it's still the current window but the bar color changes by itself. I'm not doing anything to it; the computer is doing it on its own.

#10 nasdaq
  • Malware Response Team

Posted 04 February 2016 - 08:24 AM

This is not caused by malware.

It may be a driver issue, with your graphics card as the cause.

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is overkill. When all is well you can remove it using the Control Panel > Programs and Features applet.

Help page.
https://www.winhelp.us/secunia-psi.html

#11 TheFog
  • Topic Starter

Posted 05 February 2016 - 12:50 AM

I went to the Download Now page of Personal Software Inspector and it's just a blank screen; there's no download that launches.

 

This is the address of when you click on Download Now:

http://s2391.t.eloqua.com/e/er?s=2391&lid=14826&elq=00000000000000000000000000000000&elqaid=1718&elqat=2&elqTrackId=89a59c2d93974ce9866f5cd47a8a5da5

 

The title of the tab on the page is "er (1 x 1)"

 

Is there any other way to download it? The site won't let me access the program, and I know it's not a security issue because Kaspersky would've given me an alert, so I think there's something wrong with the company's website.



#12 nasdaq
  • Malware Response Team

Posted 06 February 2016 - 08:34 AM

This link is good for me.
http://secunia.com/vurlnerability_scanning/personal/


Try this link
http://www.bleepingcomputer.com/download/search/?keyword=secunia

#13 TheFog
  • Topic Starter

Posted 07 February 2016 - 10:19 AM

I downloaded it successfully and let it update any programs needed but I'm still having the same issue. It's creeping me out a bit lol.



#14 nasdaq
  • Malware Response Team

Posted 07 February 2016 - 11:11 AM

Are you losing your Wifi for a few seconds and then it reconnects?

#15 nasdaq
  • Malware Response Team

Posted 13 February 2016 - 11:04 AM

Are you still with me?



