
adk2x - Reinstalled Windows and it's still there.


  • This topic is locked
24 replies to this topic

#1 Jathryn


Posted 22 March 2016 - 07:34 PM

I'm honestly at my wits' end and dunno what to do =\. Whenever I load a website, any embedded videos, existing ads, and sometimes even whole comment sections load for a sec, then are replaced with banner ads. Not even clever ones, simple run-of-the-mill "out of date, click here to update" or "you must login to view content" ads. After hovering over the ads I noticed most if not all involve an adk2x.com, so I assume that's the program I'm dealing with here. I've tried every free anti-virus and malware program I can get my hands on... I even purchased a year of McAfee to try and rid me of this nuisance. No luck. Reboot in safe mode with networking and try again? No threats detected. Finally, I gave up. I stored all my important info on my phone (biggest external hard drive I have, unfortunately) and reinstalled Windows 10 via the repair/recovery options provided. During the recovery, I told the installer to delete all information from both of my hard drives (the option recommended if you wish to recycle your PC) and reinstalled Windows 10 again. First thing I did was reinstall my McAfee, then installed Chrome. Ads still there. I found this website while googling adk2x to find some answers and I can only hope you guys can help me. I just want to be able to browse normally again.

 

Here's that sweet info you guys need:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by JD (administrator) on DESKTOP-JT5GH2V (22-03-2016 22:15:01)
Running from C:\Users\JD\Downloads
Loaded Profiles: JD (Available Profiles: JD)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 217.12.218.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{201fb38f-57b6-4d30-a173-92f8d6392186}: [DhcpNameServer] 217.12.218.15 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-03] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-22] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-22]
CHR Extension: (Google Docs) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-22]
CHR Extension: (Google Drive) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-22]
CHR Extension: (YouTube) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-22]
CHR Extension: (Google Sheets) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-22]
CHR Extension: (Gmail) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-03-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-22] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-20] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28344 2016-01-19] (Windows ® Win 7 DDK provider)
S3 rzbtendpt; C:\Windows\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-22 22:15 - 2016-03-22 22:15 - 00012198 _____ C:\Users\JD\Downloads\FRST.txt
2016-03-22 22:14 - 2016-03-22 22:15 - 00000000 ____D C:\FRST
2016-03-22 22:14 - 2016-03-22 22:14 - 02374144 _____ (Farbar) C:\Users\JD\Downloads\FRST64.exe
2016-03-22 22:14 - 2016-03-22 22:14 - 01725440 _____ (Farbar) C:\Users\JD\Downloads\FRST.exe
2016-03-22 22:02 - 2016-03-22 22:02 - 00852798 _____ C:\Users\JD\Downloads\SecurityCheck.exe
2016-03-22 21:51 - 2016-03-22 21:51 - 00003398 _____ C:\Users\JD\Desktop\Rkill.txt
2016-03-22 21:50 - 2016-03-22 21:51 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\JD\Downloads\rkill.exe
2016-03-22 21:45 - 2016-03-22 21:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-22 21:44 - 2016-03-22 21:50 - 00000000 ____D C:\Users\JD\Desktop\mbar
2016-03-22 21:44 - 2016-03-22 21:44 - 16563352 _____ (Malwarebytes Corp.) C:\Users\JD\Downloads\mbar-1.09.3.1001.exe
2016-03-22 21:31 - 2016-03-22 22:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 21:30 - 2016-03-22 21:44 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-22 21:30 - 2016-03-22 21:30 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 21:30 - 2016-03-22 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 21:30 - 2016-03-22 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 21:30 - 2016-03-22 21:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 21:30 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-22 21:30 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-22 21:28 - 2016-03-22 21:29 - 22851472 _____ (Malwarebytes ) C:\Users\JD\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-22 21:17 - 2016-03-22 21:44 - 00286918 _____ C:\Windows\ntbtlog.txt
2016-03-22 21:17 - 2016-03-22 21:33 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-22 21:15 - 2016-03-22 21:15 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-22 21:15 - 2016-03-22 21:15 - 00003430 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-22 21:15 - 2016-03-22 21:15 - 00000000 _____ C:\autoexec.bat
2016-03-22 21:14 - 2016-03-22 21:14 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\JD\Downloads\SpyHunter-Installer.exe
2016-03-22 21:07 - 2016-03-22 21:07 - 00000000 ____D C:\Users\JD\AppData\Roaming\Macromedia
2016-03-22 21:05 - 2016-03-22 21:05 - 00000000 ____D C:\Users\JD\AppData\Local\Comms
2016-03-22 21:04 - 2016-03-22 21:04 - 00003138 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-03-22 21:04 - 2016-03-22 21:04 - 00001993 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 ____D C:\ProgramData\Intel Security
2016-03-22 21:04 - 2015-11-25 07:29 - 00496368 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2016-03-22 21:04 - 2015-11-25 07:29 - 00083096 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeelamk.sys
2016-03-22 21:04 - 2015-11-25 07:29 - 00079248 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2016-03-22 21:04 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-03-22 21:03 - 2016-03-22 21:04 - 00000000 ____D C:\Program Files\McAfee
2016-03-22 21:03 - 2016-03-22 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-22 21:03 - 2016-03-22 21:03 - 00000000 ____D C:\Program Files\McAfee.com
2016-03-22 21:03 - 2016-03-22 21:03 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-03-22 21:03 - 2016-03-22 21:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-22 21:03 - 2015-11-25 07:29 - 00245096 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2016-03-22 20:55 - 2016-03-22 21:08 - 00000000 ____D C:\ProgramData\McAfee
2016-03-22 20:55 - 2016-03-22 21:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-22 20:55 - 2016-03-22 20:55 - 08200968 _____ (McAfee, Inc.) C:\Users\JD\Downloads\Setup_serial_fIO8sabUje0iGMTP-xeQwQ2_key.exe
2016-03-22 20:55 - 2015-11-25 07:29 - 00846080 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2016-03-22 20:55 - 2015-11-25 07:29 - 00419624 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2016-03-22 20:55 - 2015-11-25 07:29 - 00351144 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2016-03-22 20:55 - 2015-11-18 14:24 - 00275368 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-03-22 20:53 - 2016-03-22 22:10 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 20:53 - 2016-03-22 20:53 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-22 20:53 - 2016-03-22 20:53 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-22 20:50 - 2016-03-22 22:04 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-22 20:50 - 2016-03-22 20:55 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-22 20:50 - 2016-03-22 20:53 - 00000000 ____D C:\Users\JD\AppData\Local\Google
2016-03-22 20:50 - 2016-03-22 20:53 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-22 20:50 - 2016-03-22 20:50 - 00987728 _____ (Google Inc.) C:\Users\JD\Downloads\ChromeSetup.exe
2016-03-22 20:50 - 2016-03-22 20:50 - 00003980 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-22 20:50 - 2016-03-22 20:50 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-22 20:49 - 2016-03-22 20:49 - 00002358 _____ C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-22 20:49 - 2016-03-22 20:49 - 00000000 ___RD C:\Users\JD\OneDrive
2016-03-22 20:49 - 2016-03-22 20:49 - 00000000 ____D C:\Users\JD\AppData\Local\MicrosoftEdge
2016-03-22 20:49 - 2016-03-22 20:49 - 00000000 ____D C:\Users\JD\AppData\Local\ActiveSync
2016-03-22 20:49 - 2016-03-22 20:49 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-03-22 20:47 - 2016-03-22 22:04 - 00000000 __SHD C:\Users\JD\IntelGraphicsProfiles
2016-03-22 20:47 - 2016-03-22 21:07 - 00000000 ____D C:\Users\JD\AppData\Local\Packages
2016-03-22 20:47 - 2016-03-22 20:49 - 00000000 ____D C:\Users\JD
2016-03-22 20:47 - 2016-03-22 20:47 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-03-22 20:47 - 2016-03-22 20:47 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-22 20:47 - 2016-03-22 20:47 - 00000020 ___SH C:\Users\JD\ntuser.ini
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 _SHDL C:\Users\JD\My Documents
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 _SHDL C:\Users\JD\Documents\My Videos
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 _SHDL C:\Users\JD\Documents\My Pictures
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 _SHDL C:\Users\JD\Documents\My Music
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 ____D C:\Users\JD\AppData\Roaming\Adobe
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 ____D C:\Users\JD\AppData\Local\VirtualStore
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 ____D C:\Users\JD\AppData\Local\TileDataLayer
2016-03-22 20:47 - 2016-03-22 20:47 - 00000000 ____D C:\Users\JD\AppData\Local\Publishers
2016-03-22 20:46 - 2016-03-22 20:46 - 00000000 ____D C:\ProgramData\USOShared
2016-03-22 20:45 - 2016-03-22 22:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default\My Documents
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\Default User
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Users\All Users
2016-03-22 20:45 - 2016-03-22 20:45 - 00000000 _SHDL C:\Documents and Settings
2016-03-22 20:45 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____D C:\Program Files\Intel
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-22 20:44 - 2016-03-22 20:44 - 00000000 ____D C:\Intel
2016-03-22 20:44 - 2015-11-05 10:08 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-03-22 20:44 - 2015-11-05 10:08 - 02983216 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-03-22 20:44 - 2015-11-05 10:08 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-03-22 20:44 - 2015-11-05 10:08 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-03-22 20:44 - 2015-11-05 10:08 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-03-22 20:44 - 2015-11-05 10:08 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-03-22 20:44 - 2015-10-28 08:49 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2016-03-22 20:44 - 2015-08-27 20:20 - 00072704 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-03-22 20:44 - 2015-08-27 20:20 - 00069120 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-03-22 20:43 - 2016-03-22 20:43 - 00189240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-22 20:43 - 2016-03-22 20:43 - 00000000 ____D C:\Windows\ServiceProfiles
2016-03-22 20:41 - 2016-03-22 20:43 - 00000000 _____ C:\Recovery.txt
2016-03-22 20:27 - 2016-03-22 20:46 - 00000000 ___DC C:\Windows\Panther
2016-03-22 20:27 - 2016-03-22 20:27 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-03-22 20:27 - 2016-03-22 20:27 - 00000000 ____D C:\Windows\Setup
2016-03-22 20:27 - 2016-03-22 20:27 - 00000000 ____D C:\Windows\InfusedApps
2016-03-22 20:27 - 2016-03-22 20:27 - 00000000 ____D C:\Windows.old
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\0409
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\winrm
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\WCN
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\slmgr
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\0409
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\OCR
2016-03-22 20:26 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\DigitalLocker
2016-03-22 20:25 - 2015-10-30 02:19 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-22 20:25 - 2015-10-30 02:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-22 20:24 - 2016-03-22 21:12 - 00000000 ____D C:\Windows\AppReadiness
2016-03-22 20:24 - 2016-03-22 21:05 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-22 20:24 - 2016-03-22 21:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-03-22 20:24 - 2016-03-22 21:03 - 00000000 ___RD C:\Windows\DevicesFlow
2016-03-22 20:24 - 2016-03-22 20:47 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-22 20:24 - 2016-03-22 20:47 - 00000000 ___RD C:\Windows\PrintDialog
2016-03-22 20:24 - 2016-03-22 20:47 - 00000000 ___RD C:\Windows\MiracastView
2016-03-22 20:24 - 2016-03-22 20:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-03-22 20:24 - 2016-03-22 20:47 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-03-22 20:24 - 2016-03-22 20:46 - 00000000 ____D C:\Windows\system32\oobe
2016-03-22 20:24 - 2016-03-22 20:46 - 00000000 ____D C:\ProgramData\USOPrivate
2016-03-22 20:24 - 2016-03-22 20:45 - 00000000 ____D C:\Windows\system32\spool
2016-03-22 20:24 - 2016-03-22 20:45 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-22 20:24 - 2016-03-22 20:44 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-22 20:24 - 2016-03-22 20:44 - 00000000 ____D C:\Windows\Help
2016-03-22 20:24 - 2016-03-22 20:41 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ___SD C:\Windows\system32\F12
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ___SD C:\Windows\system32\dsc
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\setup
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\MUI
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\migwiz
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\Dism
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\system32\Com
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\IME
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-03-22 20:24 - 2016-03-22 20:26 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 __RSD C:\Windows\Media
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___SD C:\Windows\SysWOW64\Nui
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___SD C:\Windows\system32\Nui
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___SD C:\Windows\system32\Configuration
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ___RD C:\Windows\DesktopTileResources
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Web
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Vss
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\tracing
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\TAPI
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\SMI
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\NDF
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\Ipmi
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\FxsTmp
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\downlevel
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\AppLocker
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SystemResources
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SystemApps
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\WinMetadata
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\winevt
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\ras
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\ProximityToast
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\PointOfService
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\NDF
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\MsDtc
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\MailContactsCalendarSync
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\Ipmi
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\InputMethod
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\inetsrv
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\IME
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\icsxml
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\ias
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\GroupPolicyUsers
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\downlevel
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\config\Journal
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\Bthprops
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\AppLocker
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\System
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SKB
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\ShellNew
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\security
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\schemas
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\SchCache
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Resources
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\rescache
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Registration
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Provisioning
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\PLA
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Performance
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\ModemLogs
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\L2Schemas
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\InputMethod
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Globalization
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Cursors
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\Branding
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\bcastdvr
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\appcompat
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\addins
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\ProgramData\Comms
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files\Windows NT
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files\Common Files\Services
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-03-22 20:24 - 2016-03-22 20:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-22 20:24 - 2016-03-22 20:23 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2016-03-22 20:24 - 2016-03-22 20:23 - 00215943 _____ C:\Windows\SysWOW64\dssec.dat
2016-03-22 20:24 - 2016-03-22 20:23 - 00215943 _____ C:\Windows\system32\dssec.dat
2016-03-22 20:24 - 2016-03-22 20:23 - 00209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-03-22 20:24 - 2016-03-22 20:23 - 00017463 _____ C:\Windows\system32\Drivers\etc\services
2016-03-22 20:24 - 2016-03-22 20:23 - 00015462 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-03-22 20:24 - 2016-03-22 20:23 - 00008798 _____ C:\Windows\SysWOW64\icrav03.rat
2016-03-22 20:24 - 2016-03-22 20:23 - 00008798 _____ C:\Windows\system32\icrav03.rat
2016-03-22 20:24 - 2016-03-22 20:23 - 00003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2016-03-22 20:24 - 2016-03-22 20:23 - 00001988 _____ C:\Windows\SysWOW64\ticrf.rat
2016-03-22 20:24 - 2016-03-22 20:23 - 00001988 _____ C:\Windows\system32\ticrf.rat
2016-03-22 20:24 - 2016-03-22 20:23 - 00001358 _____ C:\Windows\system32\Drivers\etc\protocol
2016-03-22 20:24 - 2016-03-22 20:23 - 00000858 _____ C:\Windows\system32\DefaultQuestions.json
2016-03-22 20:24 - 2016-03-22 20:23 - 00000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2016-03-22 20:24 - 2016-03-22 20:23 - 00000741 _____ C:\Windows\system32\NOISE.DAT
2016-03-22 20:24 - 2016-03-22 20:23 - 00000407 _____ C:\Windows\system32\Drivers\etc\networks
2016-03-22 20:24 - 2016-03-22 20:23 - 00000389 _____ C:\Windows\system32\AutoWorkplace.exe.config
2016-03-22 20:24 - 2016-03-22 20:23 - 00000219 _____ C:\Windows\system.ini
2016-03-22 20:24 - 2016-03-22 20:23 - 00000092 _____ C:\Windows\win.ini
2016-03-22 20:23 - 2016-03-22 22:10 - 00000000 ____D C:\Windows\INF
2016-03-22 20:21 - 2016-03-22 20:46 - 00000000 ____D C:\Windows\CbsTemp
2016-03-22 20:19 - 2016-03-22 22:04 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-22 20:19 - 2016-03-22 21:06 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-03-22 20:19 - 2016-03-22 20:26 - 00000000 ____D C:\Windows\servicing
2016-03-22 20:19 - 2016-03-22 20:24 - 00000000 ____D C:\Windows\system32\SMI
2016-03-22 20:19 - 2016-03-22 20:19 - 00000000 ___HD C:\$Windows.~BT
2016-03-22 20:19 - 2015-10-30 01:33 - 00000164 _____ C:\Windows\system32\config\FP
2016-03-22 18:18 - 2016-03-22 20:43 - 00000000 ___HD C:\$SysReset
2016-03-17 19:36 - 2016-01-19 14:59 - 00028344 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\nvswcfilter.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
Some files in TEMP:
====================
C:\Users\JD\AppData\Local\Temp\McCSPInstall.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-22 20:43
 
==================== End of FRST.txt ============================

Edited by hamluis, 22 March 2016 - 09:00 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:12 AM

Posted 23 March 2016 - 01:24 PM

Greetings Jathryn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

When you ran FRST an Addition.txt file should have been placed on your desktop. If it is there please copy and paste the contents in your reply. If it is not there rerun FRST and make sure to check Addition.txt.

Please tell me the model numbers for your router and/or modem.

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Router/modem info
  • Addition.txt
  • MTB.txt
  • Attached System Summary information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Jathryn


Posted 23 March 2016 - 03:46 PM

Addition.txt is as follows:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by JD (2016-03-22 22:15:38)
Running from C:\Users\JD\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-23 01:47:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1886957148-3325705381-2739993811-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1886957148-3325705381-2739993811-503 - Limited - Disabled)
Guest (S-1-5-21-1886957148-3325705381-2739993811-501 - Limited - Disabled)
JD (S-1-5-21-1886957148-3325705381-2739993811-1001 - Administrator - Enabled) => C:\Users\JD
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
McAfee® AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1886957148-3325705381-2739993811-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\JD\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {084B74AC-C744-4395-86ED-405CED3F28A1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {6F67F33E-093F-447D-B10E-ED8C8CBFD9D8} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {74468E71-89A5-4DE9-AE5D-2FD22BC993BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-22] (Google Inc.)
Task: {84237D46-093C-4924-9374-93FF29A46BA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-22] (Google Inc.)
Task: {BA3D842E-8A49-47E7-B6A7-6CFF66C7FB10} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-03-22 20:44 - 2015-11-05 10:08 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-22 20:53 - 2016-03-07 21:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-22 20:53 - 2016-03-07 21:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-22 20:53 - 2016-03-07 21:48 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-22 20:24 - 2016-03-22 20:23 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1886957148-3325705381-2739993811-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 217.12.218.15 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AC2CE012-7046-4853-9804-D5545D301C55}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{99888677-BC12-4C38-A105-F87BC0BBFE3B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
 
==================== Restore Points =========================
 
22-03-2016 20:45:56 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2016 09:17:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JT5GH2V)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/22/2016 09:14:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JT5GH2V)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/22/2016 09:04:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JT5GH2V)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/22/2016 08:47:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800706BE
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/22/2016 08:45:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (03/22/2016 10:04:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/22/2016 10:04:14 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/22/2016 10:04:13 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/22/2016 10:04:09 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/22/2016 10:04:06 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/22/2016 10:04:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/22/2016 10:04:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/22/2016 10:04:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/22/2016 10:04:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (03/22/2016 10:04:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JT5GH2V)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2016-03-22 20:46:46.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-22 20:44:01.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8075.4 MB
Available physical RAM: 6116.94 MB
Total Virtual: 9995.4 MB
Available Virtual: 7973.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.98 GB) (Free:219.49 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
Drive e: (ESD-USB) (Removable) (Total:7.5 GB) (Free:4.46 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CAE1509D)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EB72CD2D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Jathryn


Posted 23 March 2016 - 03:56 PM

Modem & Router info is as follows:

Modem=====
   Brand: Arris
   Model #: CM820A

Router=====
   Brand: Linksys
   Model: WRT54Gl

 



#5 Jathryn


Posted 23 March 2016 - 03:58 PM

MTB information is as follows:

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by JD (administrator) on 23-03-2016 at 15:53:10
Running from "C:\Users\JD\Downloads"
Microsoft Windows 10 Home  (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-JT5GH2V
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hot.rr.com
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hot.rr.com
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : BC-5F-F4-8C-15-A9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f98a:5609:474f:4cde%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 23, 2016 3:39:18 PM
   Lease Expires . . . . . . . . . . : Thursday, March 24, 2016 3:39:18 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 45899764
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-83-AD-87-BC-5F-F4-8C-15-A9
   DNS Servers . . . . . . . . . . . : 217.12.218.15
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.hot.rr.com:
 
   Connection-specific DNS Suffix  . : hot.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.101%5(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 67108864
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-83-AD-87-BC-5F-F4-8C-15-A9
   DNS Servers . . . . . . . . . . . : 217.12.218.15
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  217.12.218.15
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  217.12.218.15
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...bc 5f f4 8c 15 a9 ......Broadcom NetLink ™ Gigabit Ethernet
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  2    276 fe80::/64                On-link
  5    281 fe80::5efe:192.168.1.101/128
                                    On-link
  2    276 fe80::f98a:5609:474f:4cde/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
**** End of log ****
 


#6 Jathryn


Posted 23 March 2016 - 04:03 PM

And finally, attached to this reply is the zipped summary information requested.

 

Also for the future feel free to call me J.D.  Most of my friends do ^.^

Attached Files



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:12 AM

Posted 23 March 2016 - 06:33 PM

Thank you J.D.

Please do this. If this resolves our issue I will have you reset your DNS to Google.

===================================================

Farbar's Recovery Scan Tool Fix and Reset of Router

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Tcpip\Parameters: [DhcpNameServer] 217.12.218.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{201fb38f-57b6-4d30-a173-92f8d6392186}: [DhcpNameServer] 217.12.218.15 8.8.8.8 8.8.4.4
  • Turn off the wireless device on your computer
  • Launch FRST
  • Press the Fix button and allow the program to process fixlist.txt
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply after the final step here
  • Disconnect the Linksys router from the modem
  • Perform a factory reset of the router (information here)
  • Unplug your modem, plug it back in after 30 seconds and let the modem sync to the Internet
  • Connect the Linksys router to the modem and wait one minute for the router to sync with the modem
  • Restart your computer, allow it to obtain an IP address from the router, then check your Internet
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Internet?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
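The fixlist in the post above removes the DHCP-assigned name servers, and the MiniToolBox log earlier in the thread shows the same three addresses under "DNS Servers". As an added example (not part of the thread and not FRST or MiniToolBox code), this Python script parses `ipconfig /all` text and reports DNS servers that are neither on the local network nor on a list the user expects; the allowlist, the function names and the trimmed sample are assumptions.

```python
import ipaddress
import re

# Constructed sample: the Ethernet block of the log above, trimmed to the relevant fields.
SAMPLE = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 217.12.218.15
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : No
"""

# Assumption: resolvers this user chose on purpose (Google Public DNS).
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# "   Key . . . . : value"; the space before ':' keeps IPv6 continuation lines out.
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z][^.:]*?)[ .]* :\s?(?P<val>.*)$")


def parse_adapters(text):
    """Return {adapter header: {field name: [values]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented: an adapter header ends with ':'; anything else closes the block.
            current = adapters.setdefault(line[:-1], {}) if line.endswith(":") else None
            last_key = None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last_key = m.group("key").strip()
                value = m.group("val").strip()
                current[last_key] = [value] if value else []
            elif last_key:
                current[last_key].append(line.strip())  # e.g. 2nd and 3rd DNS server
    return adapters


def audit_dns(text, expected=EXPECTED_RESOLVERS):
    """List (adapter, resolver, dhcp_enabled) for resolvers that are not expected or local."""
    findings = []
    for name, fields in parse_adapters(text).items():
        local = set(fields.get("Default Gateway", []) + fields.get("DHCP Server", []))
        dhcp_enabled = fields.get("DHCP Enabled") == ["Yes"]
        for server in fields.get("DNS Servers", []):
            addr = server.split("%")[0]  # drop an IPv6 zone index such as %2
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue
            if addr in expected or addr in local or ip.is_private or ip.is_loopback:
                continue
            findings.append((name, addr, dhcp_enabled))
    return findings


if __name__ == "__main__":
    for adapter, resolver, dhcp_enabled in audit_dns(SAMPLE):
        print(f"{adapter}: unexpected DNS server {resolver} (DHCP enabled: {dhcp_enabled})")
```

A finding on a DHCP-enabled adapter with no manually entered DNS points at whatever device answers DHCP, which is why the steps above pair the registry fix with a router factory reset.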

#8 Jathryn


Posted 25 March 2016 - 02:37 PM

Sorry for the late reply, I'm currently nursing a stomach virus and haven't been able to leave bed.  I'll post again as soon as I am able, hopefully tomorrow.



#9 Oh My!


Posted 25 March 2016 - 02:40 PM

Sorry to hear. Take care of yourself and come back when you are ready.
Gary
 

#10 Jathryn


Posted 26 March 2016 - 10:53 AM

Right, back to it then.  I read your last post and attempted to follow the directions....but I hit a hitch.  You ask me to turn off the wireless device on my computer, but I don't have one.  I use a wireless router, but I still use a wired connection for my PC.  I mainly use the wireless for a few game consoles I have and my cellphone so I don't use up data while at home.  I figured I should let you know before attempting anything else in case this changes any of the directions.



#11 Oh My!


Posted 26 March 2016 - 02:31 PM

OK thanks for asking first. Disconnect the Ethernet cable rather than disconnecting the wireless.
Gary
 

#12 Jathryn


Posted 27 March 2016 - 04:09 PM

Round 2 vs stomach flu is over, sorry for getting back late, but the next steps have been done.  Also, I'm not 100% sure what "check your internet" means I'm looking for, like if it works or if the malware is still there?  Cuz it's like it's there, but it's not.  I'm not getting all my ads redirected anymore, and videos seem to be able to be loaded again.  The ads that do get redirected now only get redirected to blank space....same with that comment section I mentioned above, it just loads then unloads, no ad.

 

Oh and Fixlog.txt is as follows:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by JD (2016-03-27 15:40:12) Run:1
Running from C:\Users\JD\Downloads
Loaded Profiles: JD (Available Profiles: JD)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Tcpip\Parameters: [DhcpNameServer] 217.12.218.15 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{201fb38f-57b6-4d30-a173-92f8d6392186}: [DhcpNameServer] 217.12.218.15 8.8.8.8 8.8.4.4
*****************
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{201fb38f-57b6-4d30-a173-92f8d6392186}\\DhcpNameServer => value removed successfully
 
==== End of Fixlog 15:40:13 ====


#13 Oh My!


Posted 27 March 2016 - 06:30 PM

Thanks J.D., and sorry to hear of the double dose.

When you get a chance could you provide a screen shot of what you are seeing?

Which browser(s) is being affected?

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Screen shot
  • Which browser(s)
  • Adwcleaner log
  • Junkware log
  • Update on browser behavior

Gary
 

#14 Jathryn


Posted 28 March 2016 - 04:49 PM

I would love to give you screenshots, but everything is loading fine now, it's weird.  I haven't run any scans or done anything that you haven't told me to do except for maybe having the MBAM trial running in the background, and that definitely gave me a few popups of blocked things a few days ago.  Either way, here's what you requested. I'll keep doing this until you and I are sure this stuff is gone >.>

 

AdwCleaner.txt is as follows:

 

# AdwCleaner v5.107 - Logfile created 28/03/2016 at 16:36:40
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : JD - DESKTOP-JT5GH2V
# Running from : C:\Users\JD\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [948 bytes] - [28/03/2016 16:36:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [997 bytes] - [28/03/2016 16:34:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1092 bytes] ##########
 


#15 Jathryn


Posted 28 March 2016 - 04:50 PM

Oh while I'm here, I forgot to mention the browser is Chrome. Anywho.....

 

JRT.txt is as follows:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by JD (Administrator) on Mon 03/28/2016 at 16:40:14.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut) 
Successfully deleted: C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/28/2016 at 16:41:20.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




