In Chrome redirected to Search Pile


4 replies to this topic

#1 Jonyskids

Posted 09 February 2016 - 03:08 PM

Regardless of browser, I am redirected to Search Pile. New here and really appreciate any help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by jonyskids (administrator) on SUN (09-02-2016 15:55:39)
Running from C:\Users\jonyskids\Downloads
Loaded Profiles: jonyskids (Available Profiles: jonyskids & Julie)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Rsupport Co., Ltd.) C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe
() C:\Program Files (x86)\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Rsupport Co., Ltd.) C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\5\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\2\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\8\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\10\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-01-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM-x32\...\Run: [RemoteView5 Tray] => C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe [2615704 2014-05-08] (Rsupport Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-02] (GoPro)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\...\Run: [7EF13FFDE52B7A78370C540A15A76E440C077277._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [807752 2016-02-03] (Google Inc.)
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\...\Run: [GoogleChromeAutoLaunch_39106E79D9A35F5F5A1A7ACD838734CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [807752 2016-02-03] (Google Inc.)
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\...\RunOnce: [Uninstall C:\Users\jonyskids\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonyskids\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\...\RunOnce: [Uninstall C:\Users\jonyskids\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonyskids\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [291968 2015-11-02] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk [2013-12-30]
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{eee86e10-47c8-4b3b-9d63-67e29e491715}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1787734947-1824539028-1048066521-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKU\S-1-5-21-1787734947-1824539028-1048066521-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Outrageous Deal -> {4e2d2bf0-159f-4257-acf0-b1f29b376fa0} -> C:\Program Files (x86)\Outrageous Deal\Extensions\4e2d2bf0-159f-4257-acf0-b1f29b376fa0.dll [2016-01-21] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-30] (VideoLAN)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-12-02] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-12-23] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-10-29] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1787734947-1824539028-1048066521-1001: @tools.google.com/Google Update;version=3 -> C:\Users\jonyskids\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1787734947-1824539028-1048066521-1001: @tools.google.com/Google Update;version=9 -> C:\Users\jonyskids\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcF8AA10TFBhGIQ0LTA1DRVEOIgAIBBRIFFYRdgFcVAtDQgEFIk0FA1oDB0VXfV5bFElXTwhsNU1KAF4UTkBQBFxZDQ=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcF8AA10TFBhGIQ0LTA1DRVEOIgAIBBRIFFYRdgFcVAtDQgEFIk0FA1oDB0VXfV5bFElXTwhsNU1KAF4UTkBQBFxZDQ=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQoIBwETRVcWbVxZVQpcFQdHJBRaWAkUDAwWIwsOWV1EEwdAdB9aFQQTQkcFME0FBloEURNNfXZNFUsQRlBMNUp8BFgd&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAYTJgFaBVtEDFBCdAoVVQsVRRhBeQldTABEQgcVeF0NUwsSFRNBNARaAktXUUEeJ1pNER8fHHpWNEtZBlweVEZnJVhU
CHR Profile: C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-04]
CHR Extension: (Google Docs) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-04]
CHR Extension: (Google Drive) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google Search) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (PlayOn) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Gmail) - C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-04]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2015-10-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [131312 2015-03-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-13] (Intel Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [6437488 2016-02-08] (MediaMall Technologies, Inc.)
R2 RemotePC Agent; C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe [813448 2014-05-07] (Rsupport Co., Ltd.)
S3 Rsupport Remote Control Service #18842; C:\Program Files (x86)\Samsung\Remote PC\rcsemgru.exe [78120 2014-03-13] (Rsupport Corporation)
R2 Service Mgr OutrageousDeal; C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe [1397472 2016-02-09] () <==== ATTENTION
R2 Update Mgr OutrageousDeal; C:\Program Files (x86)\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe [1264864 2016-02-09] () <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-09] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-03-06] (MediaMall Technologies, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 rssasnt; C:\Program Files (x86)\Samsung\Remote PC\rssas64.sys [18184 2013-08-22] (Rsupport Co.,Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2015-12-01] (Rsupport Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 15:55 - 2016-02-09 15:56 - 00017145 _____ C:\Users\jonyskids\Downloads\FRST.txt
2016-02-09 15:55 - 2016-02-09 15:55 - 00000000 ____D C:\FRST
2016-02-09 15:54 - 2016-02-09 15:55 - 02370560 _____ (Farbar) C:\Users\jonyskids\Downloads\FRST64.exe
2016-02-09 15:21 - 2016-02-09 15:47 - 00000000 ____D C:\Users\jonyskids\Desktop\backups
2016-02-09 15:14 - 2016-02-09 15:56 - 00000000 ____D C:\temp
2016-02-09 15:13 - 2016-02-09 15:14 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-02-09 15:11 - 2016-02-09 15:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\jonyskids\Desktop\HijackThis.exe
2016-02-09 14:45 - 2016-02-09 14:45 - 00000000 ____D C:\Users\jonyskids\Documents\ProcAlyzer Dumps
2016-02-09 14:00 - 2016-02-09 14:00 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-09 14:00 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-09 13:57 - 2016-02-09 13:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-09 13:56 - 2016-02-09 15:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-09 13:56 - 2016-02-09 15:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-09 12:35 - 2016-02-09 12:35 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-02-09 12:33 - 2016-02-09 12:34 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\jonyskids\Downloads\SpyHunter-Installer.exe
2016-02-09 11:32 - 2016-02-09 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-09 11:32 - 2016-02-09 11:31 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-09 11:31 - 2016-02-09 11:31 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-09 10:56 - 2016-02-09 10:56 - 00000000 ____D C:\Users\jonyskids\AppData\Roaming\Sun
2016-02-09 10:55 - 2016-02-09 10:55 - 00000000 ____D C:\Users\jonyskids\.oracle_jre_usage
2016-02-09 09:16 - 2016-02-09 10:51 - 00000000 ____D C:\Users\jonyskids\Downloads\4th.Man.Out.2016.HDRip.XviD.AC3-EVO
2016-02-09 09:16 - 2016-02-09 10:43 - 00000000 ____D C:\Users\jonyskids\Downloads\Silver Rush - DiscChan DocuReality Treasure Hunting (2013) (UK renamed to Billion Dollar Wreck Hunt)
2016-02-09 09:12 - 2016-02-09 13:00 - 00000000 ____D C:\Users\jonyskids\Downloads\Darkweb.2016.HDRip.XviD.AC3-EVO
2016-02-09 09:11 - 2016-02-09 10:24 - 00000000 ____D C:\Users\jonyskids\Downloads\The.X-Files.S10E04.1080p.WEB-DL.DD5.1.H264-RARBG
2016-01-28 14:21 - 2016-01-16 02:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 14:21 - 2016-01-16 02:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 14:21 - 2016-01-16 02:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:21 - 2016-01-16 02:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 14:21 - 2016-01-16 02:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 14:21 - 2016-01-16 02:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 14:21 - 2016-01-16 02:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 14:21 - 2016-01-16 02:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 14:21 - 2016-01-16 02:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:21 - 2016-01-16 02:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 14:21 - 2016-01-16 02:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 14:21 - 2016-01-16 02:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 14:21 - 2016-01-16 02:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 14:21 - 2016-01-16 02:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 14:21 - 2016-01-16 02:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 14:21 - 2016-01-16 02:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 14:21 - 2016-01-16 02:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 14:21 - 2016-01-16 02:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 14:21 - 2016-01-16 02:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 14:21 - 2016-01-16 02:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 14:21 - 2016-01-16 02:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 14:21 - 2016-01-16 01:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 14:21 - 2016-01-16 01:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 14:21 - 2016-01-16 01:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 14:21 - 2016-01-16 01:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 14:21 - 2016-01-16 01:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 14:21 - 2016-01-16 01:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 14:21 - 2016-01-16 01:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 14:21 - 2016-01-16 01:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 14:21 - 2016-01-16 01:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 14:21 - 2016-01-16 01:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 14:21 - 2016-01-16 01:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 14:21 - 2016-01-16 01:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 14:21 - 2016-01-16 01:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 14:21 - 2016-01-16 01:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 14:21 - 2016-01-16 01:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 14:21 - 2016-01-16 01:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 14:21 - 2016-01-16 01:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 14:21 - 2016-01-16 01:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 14:21 - 2016-01-16 01:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 14:21 - 2016-01-16 01:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 14:21 - 2016-01-16 01:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 14:21 - 2016-01-16 01:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 14:21 - 2016-01-16 01:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 14:21 - 2016-01-16 01:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 14:21 - 2016-01-16 01:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 14:21 - 2016-01-16 01:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 14:21 - 2016-01-16 01:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 14:21 - 2016-01-16 01:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 14:21 - 2016-01-16 01:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 14:21 - 2016-01-16 01:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 14:21 - 2016-01-16 01:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 14:21 - 2016-01-16 01:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 14:21 - 2016-01-16 01:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 14:21 - 2016-01-16 01:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 14:21 - 2016-01-16 01:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 14:21 - 2016-01-16 01:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 14:21 - 2016-01-16 01:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 14:21 - 2016-01-16 01:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 14:21 - 2016-01-16 01:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 14:21 - 2016-01-16 01:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 14:21 - 2016-01-16 01:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 14:21 - 2016-01-16 01:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 14:21 - 2016-01-16 01:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 14:21 - 2016-01-16 01:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 14:21 - 2016-01-16 01:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 14:21 - 2016-01-16 01:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 14:21 - 2016-01-16 01:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 14:21 - 2016-01-16 01:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 14:21 - 2016-01-16 01:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 14:21 - 2016-01-16 01:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 14:21 - 2016-01-16 01:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 14:21 - 2016-01-16 01:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 14:20 - 2016-01-16 02:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 14:20 - 2016-01-16 02:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 14:20 - 2016-01-16 02:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 14:20 - 2016-01-16 02:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 14:20 - 2016-01-16 02:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 14:20 - 2016-01-16 02:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 14:20 - 2016-01-16 02:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 14:20 - 2016-01-16 01:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 14:20 - 2016-01-16 01:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 14:20 - 2016-01-16 01:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 14:20 - 2016-01-16 01:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 14:20 - 2016-01-16 01:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 14:20 - 2016-01-16 01:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 14:20 - 2016-01-16 01:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 14:20 - 2016-01-16 01:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 14:20 - 2016-01-16 01:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 14:20 - 2016-01-16 01:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 14:20 - 2016-01-16 01:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 14:20 - 2016-01-16 01:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 14:20 - 2016-01-16 01:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 14:20 - 2016-01-16 01:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 14:20 - 2016-01-16 01:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 14:20 - 2016-01-16 01:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 14:20 - 2016-01-16 01:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 14:20 - 2016-01-16 01:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 14:20 - 2016-01-16 01:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 14:20 - 2016-01-16 01:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 14:20 - 2016-01-16 01:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 14:20 - 2016-01-16 01:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 14:20 - 2016-01-16 01:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 14:20 - 2016-01-16 01:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 14:20 - 2016-01-16 01:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 14:20 - 2016-01-16 01:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 14:20 - 2016-01-16 01:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 14:20 - 2016-01-16 01:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 14:20 - 2016-01-16 01:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 14:20 - 2016-01-16 01:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 14:20 - 2016-01-16 01:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 14:20 - 2016-01-16 01:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 14:20 - 2016-01-16 01:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 14:20 - 2016-01-16 01:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 14:20 - 2016-01-16 01:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 14:20 - 2016-01-16 01:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 14:20 - 2016-01-16 01:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 14:20 - 2016-01-16 01:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 14:20 - 2016-01-16 01:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 14:20 - 2016-01-16 01:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 14:20 - 2016-01-16 01:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 14:20 - 2016-01-16 01:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 14:20 - 2016-01-16 01:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 14:20 - 2016-01-16 01:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-24 18:30 - 2016-01-28 03:10 - 00000000 ____D C:\Users\jonyskids\Downloads\Black Sails Season 1-2 S01-S02 1080p BluRay x264-MIXED [RiCK]
2016-01-21 14:11 - 2016-02-09 13:02 - 00000000 ____D C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98
2016-01-21 14:11 - 2016-01-21 14:11 - 00000000 ____D C:\Program Files (x86)\Outrageous Deal
2016-01-21 14:10 - 2016-01-21 14:10 - 00000000 ____D C:\Users\jonyskids\AppData\Roaming\RHEng
2016-01-21 14:09 - 2016-01-21 14:09 - 00003696 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2016-01-12 22:30 - 2016-01-04 22:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 22:30 - 2016-01-04 22:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 22:30 - 2016-01-04 22:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 22:30 - 2016-01-04 22:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 22:30 - 2016-01-04 22:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 22:30 - 2016-01-04 22:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 22:30 - 2016-01-04 22:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 22:30 - 2016-01-04 22:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 22:30 - 2016-01-04 22:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 22:30 - 2016-01-04 22:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 22:30 - 2016-01-04 22:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 22:30 - 2016-01-04 22:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 22:30 - 2016-01-04 22:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 22:30 - 2016-01-04 22:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 22:30 - 2016-01-04 22:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 22:30 - 2016-01-04 22:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 22:30 - 2016-01-04 22:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 22:30 - 2016-01-04 22:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 22:30 - 2016-01-04 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 22:30 - 2016-01-04 22:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 22:30 - 2016-01-04 22:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 22:30 - 2016-01-04 22:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 22:30 - 2016-01-04 22:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 22:30 - 2016-01-04 22:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 22:30 - 2016-01-04 22:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 22:30 - 2016-01-04 22:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 22:30 - 2016-01-04 22:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 22:30 - 2016-01-04 22:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 22:30 - 2016-01-04 21:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 22:30 - 2016-01-04 21:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 22:30 - 2016-01-04 21:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 22:30 - 2016-01-04 21:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-12 22:30 - 2016-01-04 21:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 22:30 - 2016-01-04 21:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 22:30 - 2016-01-04 21:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 22:30 - 2016-01-04 21:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 22:30 - 2016-01-04 21:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 22:30 - 2016-01-04 21:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 22:30 - 2016-01-04 21:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 22:30 - 2016-01-04 21:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 22:30 - 2016-01-04 21:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 22:30 - 2016-01-04 21:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 22:30 - 2016-01-04 21:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 22:30 - 2016-01-04 21:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 22:30 - 2016-01-04 21:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 22:30 - 2016-01-04 21:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 22:30 - 2016-01-04 21:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 22:30 - 2016-01-04 21:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 22:30 - 2016-01-04 21:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 22:30 - 2016-01-04 21:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 22:30 - 2016-01-04 21:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 22:30 - 2016-01-04 21:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 22:30 - 2016-01-04 21:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 22:30 - 2016-01-04 21:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-12 22:30 - 2016-01-04 21:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 22:30 - 2016-01-04 21:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 22:30 - 2016-01-04 21:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 22:30 - 2016-01-04 21:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 22:30 - 2016-01-04 21:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:30 - 2016-01-04 21:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 22:30 - 2016-01-04 21:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:30 - 2016-01-04 21:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 22:30 - 2016-01-04 21:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 22:30 - 2016-01-04 21:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 22:30 - 2016-01-04 21:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 22:30 - 2016-01-04 21:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 22:30 - 2016-01-04 21:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 22:30 - 2016-01-04 21:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 22:30 - 2016-01-04 21:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 22:30 - 2016-01-04 21:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 22:30 - 2016-01-04 21:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 22:30 - 2016-01-04 21:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 22:30 - 2016-01-04 21:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 22:30 - 2016-01-04 21:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 22:30 - 2016-01-04 21:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 15:56 - 2013-12-30 14:53 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-09 15:44 - 2013-12-30 15:48 - 00000000 ____D C:\ProgramData\MediaMall
2016-02-09 15:18 - 2013-12-30 14:53 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-09 15:17 - 2014-11-28 09:44 - 00000000 __SHD C:\Users\jonyskids\IntelGraphicsProfiles
2016-02-09 15:16 - 2015-12-01 07:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-09 15:15 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-09 15:14 - 2014-01-13 19:21 - 00000000 ____D C:\Users\jonyskids\Documents\uT
2016-02-09 15:13 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-09 15:13 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-09 15:00 - 2013-12-31 00:03 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1787734947-1824539028-1048066521-1001UA.job
2016-02-09 14:57 - 2015-12-01 07:32 - 00000000 ____D C:\Users\jonyskids
2016-02-09 12:20 - 2013-12-30 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC - Codec Pack
2016-02-09 11:35 - 2014-01-09 10:06 - 00000000 ____D C:\ProgramData\Oracle
2016-02-09 10:07 - 2013-12-30 14:49 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{31E0D9EF-288B-46A1-BBFE-2DF722268045}
2016-02-08 23:00 - 2013-12-31 00:03 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1787734947-1824539028-1048066521-1001Core.job
2016-02-08 21:15 - 2013-12-30 15:49 - 00000000 ____D C:\Program Files (x86)\MediaMall
2016-02-08 20:06 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-06 21:59 - 2015-08-14 23:01 - 00000000 ____D C:\Users\jonyskids\AppData\Roaming\deluge
2016-02-06 21:49 - 2014-01-08 12:01 - 00000000 ____D C:\Users\jonyskids\AppData\Roaming\uTorrent
2016-02-06 08:21 - 2014-12-10 17:51 - 00000000 ____D C:\Users\jonyskids\Desktop\Tor Browser
2016-02-05 20:40 - 2015-08-05 10:04 - 00002412 _____ C:\Users\jonyskids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-05 20:40 - 2015-08-05 10:04 - 00000000 ___RD C:\Users\jonyskids\OneDrive
2016-02-04 17:03 - 2015-08-07 11:10 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 17:03 - 2015-08-07 11:10 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-01 22:55 - 2013-12-31 00:03 - 00004058 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1787734947-1824539028-1048066521-1001UA
2016-02-01 22:55 - 2013-12-31 00:03 - 00003682 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1787734947-1824539028-1048066521-1001Core
2016-01-31 09:51 - 2013-12-30 14:53 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-31 09:51 - 2013-12-30 14:53 - 00003740 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 20:09 - 2015-08-05 08:50 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-30 15:37 - 2013-12-30 15:04 - 00000000 ____D C:\Users\jonyskids\AppData\Roaming\vlc
2016-01-30 09:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-29 22:07 - 2015-08-05 09:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 22:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-29 05:44 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-21 14:10 - 2015-12-04 09:51 - 00000000 ____D C:\Users\jonyskids\AppData\Roaming\DivX
2016-01-21 14:10 - 2015-12-04 09:39 - 00000000 ____D C:\Program Files (x86)\DivX
2016-01-21 14:10 - 2015-12-04 09:38 - 00000000 ____D C:\ProgramData\DivX
2016-01-21 14:09 - 2015-12-04 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-01-21 13:52 - 2015-08-06 13:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-21 13:52 - 2015-08-06 13:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 20:33 - 2015-08-06 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 20:31 - 2014-01-02 03:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 20:29 - 2014-01-02 03:50 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-04-10 13:07 - 2014-11-27 12:07 - 0000107 _____ () C:\Users\jonyskids\AppData\Roaming\WB.CFG
2016-02-09 14:58 - 2016-02-09 14:58 - 0000218 _____ () C:\Users\jonyskids\AppData\Local\recently-used.xbel
2014-11-30 10:44 - 2014-11-30 10:44 - 0000017 _____ () C:\Users\jonyskids\AppData\Local\resmon.resmoncfg
2015-12-01 07:26 - 2015-12-01 07:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-02 19:00
 
==================== End of FRST.txt ============================

Edited by Jonyskids, 09 February 2016 - 04:22 PM.

#2 shelf life
Malware Response Team

Posted 09 February 2016 - 04:51 PM

Hi

Let's go with these two downloads and see if they can clean it up and we will go from there:

Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.

==========================================================

Please download Junkware Removal Tool to your desktop.

    http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message


How Can I Reduce My Risk to Malware?


#3 Jonyskids
Topic Starter

Posted 09 February 2016 - 05:24 PM

Issue still persists. Thanks for the help!

 

Adware Clean:

 

# AdwCleaner v5.023 - Logfile created 04/12/2015 at 10:30:22
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : jonyskids - SUN
# Running from : C:\Users\jonyskids\Downloads\adwcleaner_5.023.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
[-] Folder Deleted : C:\Users\jonyskids\AppData\Local\Browsersafeguard
[-] Folder Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[-] Folder Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa
[-] Folder Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[-] Folder Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[-] Folder Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Not Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[-] Folder Deleted : C:\Users\jonyskids\AppData\LocalLow\Mysearchdial
[-] Folder Deleted : C:\Users\jonyskids\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\jonyskids\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[-] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[-] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[-] Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Not Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[-] Folder Deleted : C:\WINDOWS\SysWOW64\C2MP
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\jonyskids\AppData\Local\speedial.crx
[-] File Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgdnblnolcinnndenjnollpiplgkbjcn_0.localstorage
[-] File Deleted : C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgdnblnolcinnndenjnollpiplgkbjcn_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserSafeguard]
[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\SearchProtectINT
[-] Key Deleted : HKCU\Software\SaveDailyDeals
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77580410-00A9-4753-82A6-1F56781E8BBD}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AF5F277B-E76F-4C04-AFF0-9598D00C44BB}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com_
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : blekko
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : genieo
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.babylon.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchdial.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : chrome-64-bit.en.softonic.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : iagcajndpnfncplednpbnkahadegklfa
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : icdlfehblmklkikfigmjhbmmpmkmpooj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : icdlfehblmklkikfigmjhbmmpmkmpooj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : icdlfehblmklkikfigmjhbmmpmkmpooj
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp
[-] [C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Mysearchdial.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13177 bytes] ##########

# AdwCleaner v5.033 - Logfile created 09/02/2016 at 18:01:16
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : jonyskids - SUN
# Running from : C:\Users\jonyskids\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : Service Mgr OutrageousDeal
[-] Service Deleted : Update Mgr OutrageousDeal
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98
[-] Folder Deleted : C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98
[-] Folder Deleted : C:\Users\jonyskids\AppData\Roaming\RHEng
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
[-] Key Deleted : HKLM\SOFTWARE\OutrageousDeal
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearchdial.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchinterneat-a.akamaihd.net
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcF8AA10TFBhGIQ0LTA1DRVEOIgAIBBRIFFYRdgFcVAtDQgEFIk0FA1oDB0VXfV5bFElXTwhsNU1KAF4UTkBQBFxZDQ==
[-] [C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQoIBwETRVcWbVxZVQpcFQdHJBRaWAkUDAwWIwsOWV1EEwdAdB9aFQQTQkcFME0FBloEURNNfXZNFUsQRlBMNUp8BFgd&q={searchTerms}
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15896 bytes] ##########
 
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64 
Ran by jonyskids (Administrator) on Tue 02/09/2016 at 18:07:40.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\ProgramData\mediamall (Folder) 
Successfully deleted: C:\Users\jonyskids\AppData\Roaming\2267 (Folder) 
Successfully deleted: C:\Users\jonyskids\AppData\Roaming\5052 (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\mediamall (Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_39106E79D9A35F5F5A1A7ACD838734CF (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MediaMall Server (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/09/2016 at 18:13:07.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost

Posted 09 February 2016 - 08:50 PM

Ok. I will have to get a better look at this tomorrow, running out of time. In the meantime you can download and run the free version of Malwarebytes. I won't be back online for 15-16 hrs or so.

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

    1. Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    2. At the end, be sure a checkmark is placed next to the following:
        - Launch Malwarebytes Anti-Malware
        - A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    3. Click Finish.
    4. On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    5. Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
    6. A Threat Scan will begin.
    7. With some infections, you may see this message box:
        'Could not load DDA driver'
       Click 'Yes' to this message, to allow the driver to load after a restart.
    8. Allow the computer to restart. Continue with the rest of these instructions.
    9. When the scan is complete, click Apply Actions.
    10. Wait for the prompt to restart the computer to appear, then click on Yes.
    11. After the restart, once you are back at your desktop, open MBAM once more.
    12. Click on the History tab > Application Logs.
    13. Double-click on the scan log which shows the date and time of the scan just performed.
    14. Click 'Copy to Clipboard'.
    15. Paste the contents of the clipboard into your reply.

Also, if you want to, you can boot your machine into Safe Mode and rerun both AdwCleaner and Malwarebytes in Safe Mode. It's a little different in Windows 10. If you don't feel comfortable trying it then don't worry about doing it. Be back tomorrow.

http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10

How Can I Reduce My Risk to Malware?


#5 shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost

Posted 10 February 2016 - 04:50 PM

First look in the Add/Remove Programs panel and uninstall: Outrageous Deal

Did you run Malwarebytes? We will use FRST. Copy/paste what's below in the box into Notepad and save it as fixlist.txt in the same place you have FRST saved. Start FRST like before, except this time click on the Fix button once. The machine will reboot to finish and on reboot display a fixlog.txt, which you can copy/paste in your reply.

CloseProcess:
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-1787734947-1824539028-1048066521-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Outrageous Deal -> {4e2d2bf0-159f-4257-acf0-b1f29b376fa0} -> C:\Program Files (x86)\Outrageous Deal\Extensions\4e2d2bf0-159f-4257-acf0-b1f29b376fa0.dll [2016-01-21] ()
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcF8AA10TFBhGIQ0LTA1DRVEOIgAIBBRIFFYRdgFcVAtDQgEFIk0FA1oDB0VXfV5bFElXTwhsNU1KAF4UTkBQBFxZDQ=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQcF8AA10TFBhGIQ0LTA1DRVEOIgAIBBRIFFYRdgFcVAtDQgEFIk0FA1oDB0VXfV5bFElXTwhsNU1KAF4UTkBQBFxZDQ=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQoIBwETRVcWbVxZVQpcFQdHJBRaWAkUDAwWIwsOWV1EEwdAdB9aFQQTQkcFME0FBloEURNNfXZNFUsQRlBMNUp8BFgd&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAYTJgFaBVtEDFBCdAoVVQsVRRhBeQldTABEQgcVeF0NUwsSFRNBNARaAktXUUEeJ1pNER8fHHpWNEtZBlweVEZnJVhU
R2 Service Mgr OutrageousDeal; C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe [1397472 2016-02-09] () <==== ATTENTION
R2 Update Mgr OutrageousDeal; C:\Program Files (x86)\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe [1264864 2016-02-09] () <==== ATTENTION
C:\Program Files (x86)\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe [1264864 2016-02-09]
C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe [1397472 2016-02-09]
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\5\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\2\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\8\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\10\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe
() C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe
Task: {130505B4-A5D6-4CCB-849A-1C4CE3CBA544} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1C93B721-291C-4A39-B44A-3E76C18C436A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2216E9FD-6A20-4294-B755-E14507C63FFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3656861B-B954-4876-9E6A-DA2459D504F2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {51E77CA5-8AC5-4C6C-BE9C-8AB9439D091E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5C62DAA3-E2A8-40F1-9F88-1F68FB4D40D7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {76D0E0CC-1E25-4C5B-AF56-1BDEA4F338F2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {806EDD4A-379D-4D50-B7CA-6766E8B532C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B77B0E6B-62DD-4DAD-8060-D9172E10AA7C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BC7885F8-8731-40DC-8ED1-19D05CBADF5D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F53E1A48-AFED-4C8F-90A9-7A120D547CE4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
C:\Users\jonyskids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
EmptyTemp:

How Can I Reduce My Risk to Malware?
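The FRST fixlist above removes the hijack from the Chrome profile file that AdwCleaner also edited, Secure Preferences: the startup URL (CHR RestoreOnStartup / StartupUrls), the default search provider (DefaultSearchURL / DefaultSearchKeyword / DefaultNewTabURL) and the side-loaded extension folders. The following is an added example of how to triage that file for the same pattern yourself; it is not code from the original post, from FRST or from AdwCleaner. It assumes a list of search hosts the user considers trusted (set it for your own machine), and it runs on a constructed sample built from the domain and extension IDs in the logs above, with a made-up Web Store extension ID for contrast and the eq= tracking parameter left out. It only reads the file: Chrome keeps an HMAC over each protected preference under protection.macs, so a hand-edited Secure Preferences is reset on the next launch, which is why the helper has a tool do the removal.

```python
"""Triage a Chrome 'Secure Preferences' file for the hijack pattern seen in
this thread: startup URLs, default search provider, new-tab URL and
side-loaded extensions pointing at a host the user never chose.

Read-only by design: Chrome HMACs each protected preference (the
"protection.macs" subtree) with a per-install seed, so hand edits are
reverted on the next launch; let Chrome or a removal tool rewrite the file.
"""
import json
import re
from urllib.parse import urlparse

# Assumption: the search hosts this user is happy to see. Adjust per machine.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                 "duckduckgo.com"}

# Chrome extension IDs are 32 lowercase letters in the range a-p.
EXTENSION_ID = re.compile(r"^[a-p]{32}$")


def _get(tree, dotted):
    """Walk a dotted path through nested dicts; None if any step is missing."""
    node = tree
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def _host(url):
    """Hostname of a URL (urlparse lower-cases it), or None if it has none."""
    if not isinstance(url, str):
        return None
    return urlparse(url).hostname or None


def triage_secure_preferences(prefs, trusted_hosts=TRUSTED_HOSTS):
    """Return (setting, value) pairs that point somewhere outside trusted_hosts.

    `prefs` is the parsed JSON of a Secure Preferences file. The keys checked
    are the ones FRST reports as CHR RestoreOnStartup / StartupUrls /
    DefaultSearchURL / DefaultSearchKeyword / DefaultNewTabURL, plus the
    extensions.settings entries AdwCleaner deleted in the log above.
    """
    findings = []

    # restore_on_startup == 4 is "open a specific set of pages"; a hijacker
    # sets this mode so that its startup_urls actually take effect.
    if _get(prefs, "session.restore_on_startup") == 4:
        for url in _get(prefs, "session.startup_urls") or []:
            host = _host(url)
            if host and host not in trusted_hosts:
                findings.append(("session.startup_urls", url))

    homepage = prefs.get("homepage")
    if _host(homepage) and _host(homepage) not in trusted_hosts:
        findings.append(("homepage", homepage))

    tud = _get(prefs, "default_search_provider_data.template_url_data") or {}
    for field in ("search_url", "suggestions_url", "new_tab_url"):
        host = _host(tud.get(field))
        if host and host not in trusted_hosts:
            findings.append((f"default_search_provider_data.{field}", tud[field]))
    keyword = tud.get("keyword")
    if keyword and keyword.lower() not in trusted_hosts:
        findings.append(("default_search_provider_data.keyword", keyword))

    # Side-loaded extensions: anything not installed from the Web Store is
    # worth a look, since bundled installers like the one here drop them.
    for ext_id, meta in (_get(prefs, "extensions.settings") or {}).items():
        if not EXTENSION_ID.match(ext_id) or not isinstance(meta, dict):
            continue
        if meta.get("from_webstore") is not True:
            findings.append(("extensions.settings", ext_id))

    return findings


def triage_file(path):
    """Run the triage on a real profile, e.g.
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Secure Preferences"""
    with open(path, encoding="utf-8") as fh:
        return triage_secure_preferences(json.load(fh))


# Constructed sample modelled on the FRST lines above (not a real file): the
# hijack host and the first extension ID come from the logs, the Web Store
# extension ID is made up, and the eq= tracking parameter is omitted.
SAMPLE_PREFS = json.loads(r'''{
  "homepage": "http://www.google.com/",
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://searchinterneat-a.akamaihd.net/h"]
  },
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "searchinterneat-a.akamaihd.net",
      "short_name": "Search",
      "search_url": "http://searchinterneat-a.akamaihd.net/s?q={searchTerms}",
      "suggestions_url": "http://www.google.com/complete/search?q={searchTerms}",
      "new_tab_url": "http://searchinterneat-a.akamaihd.net/t"
    }
  },
  "extensions": {
    "settings": {
      "hbcennhacfaagdopikcegfcobcadeocj": {"from_webstore": false, "path": "hbcennhacfaagdopikcegfcobcadeocj\\1.0_0"},
      "abcdefghijklmnopabcdefghijklmnop": {"from_webstore": true, "path": "abcdefghijklmnopabcdefghijklmnop\\2.1_0"}
    }
  }
}''')

if __name__ == "__main__":
    for setting, value in triage_secure_preferences(SAMPLE_PREFS):
        print(f"{setting}: {value}")
```

On the sample this reports the startup URL, the search and new-tab URLs, the keyword and the non-Web-Store extension, and stays quiet about the Google suggestions URL, the homepage and the Web Store extension. Extensions pushed by enterprise policy are also not "from_webstore" and will show up as findings, so treat the extension list as a starting point for a look, not a verdict; the URL checks are the reliable part, because a search provider or startup page on a host the user never chose is exactly the symptom reported at the top of this thread.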