Google Chrome opens ads on startup


  • This topic is locked
23 replies to this topic

#1 ecanela2507

  • Members
  • 13 posts

Posted 08 May 2016 - 02:45 AM

Whenever I start up my computer, Google Chrome automatically opens, even though I have removed it from the startup app list, and it always opens to ads to download fake software. It will occasionally pop up while I'm working on it, but nothing too noticeable.





#2 satchfan

  • Malware Response Team
  • 2,797 posts
  • Gender:Female
  • Location:Devon, UK

Posted 08 May 2016 - 02:51 AM

Hello ecanela2507 and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any USB or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects; not everything that is reported is necessarily bad

If the program is blocked, continue to try it several times. If it still doesn't work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
RKreport.txt
Frst.txt
Addition.txt


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 ecanela2507

  • Topic Starter
  • Members
  • 13 posts

Posted 08 May 2016 - 03:28 AM

***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://Vosteran.com/?f=7&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir=
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://Vosteran.com/?f=1&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir=
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [16208 bytes] - [07/05/2016 23:47:10]
C:\AdwCleaner\AdwCleaner[C2].txt - [1470 bytes] - [08/05/2016 01:24:37]
C:\AdwCleaner\AdwCleaner[C3].txt - [3154 bytes] - [08/05/2016 03:16:57]
C:\AdwCleaner\AdwCleaner[C4].txt - [1945 bytes] - [08/05/2016 04:02:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [17122 bytes] - [07/05/2016 23:44:06]
C:\AdwCleaner\AdwCleaner[S2].txt - [413 bytes] - [08/05/2016 01:15:27]
C:\AdwCleaner\AdwCleaner[S3].txt - [1288 bytes] - [08/05/2016 01:22:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [2956 bytes] - [08/05/2016 03:13:28]
C:\AdwCleaner\AdwCleaner[S5].txt - [2288 bytes] - [08/05/2016 04:01:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2383 bytes] ##########
 
RogueKiller V12.1.5.0 [May  2 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Downloads\RogueKiller.exe
Mode : Scan -- Date : 05/08/2016 04:23:20
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] o0jToo8p6k.tmp(7808) -- C:\Users\Owner\AppData\Local\Temp\is-T3AHD.tmp\o0jToo8p6k.tmp[x] -> Found
 
¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Zenbuc ("C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Zenbuc ("C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541075A9E680 SATA Disk Device +++++
--- User ---
[MBR] 51151b5ae2a4da61795c083f8ec2bcf4
[BSP] fce01d35831ca999a72f5c98e750e15a : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 692922 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1420722176 | Size: 847 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1422456832 | Size: 20845 MB
User = LL1 ... OK
User = LL2 ... OK
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016
Ran by Owner (administrator) on HP-PC (08-05-2016 03:54:15)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935400 2015-07-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [AdBlock] => "AdBlock.exe"
HKLM-x32\...\RunOnce: [systwin] => "systwin.exe"
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-05-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2 192.168.1.1
Tcpip\..\Interfaces\{8ee91aac-9818-4155-87cd-ddbd360b327f}: [DhcpNameServer] 75.114.81.1 75.114.81.2 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2859492347-3794133011-314991818-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2859492347-3794133011-314991818-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-17] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-19] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-07-27] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir="
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-08]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-08]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-08]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-08]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-13] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 Scheduler; "C:\Program Files (x86)\Windriver\Scheduler.Service.exe" [X]
S2 Zenbuc; "C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-28] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-08 03:54 - 2016-05-08 03:54 - 00018553 _____ C:\Users\Owner\Downloads\FRST.txt
2016-05-08 03:54 - 2016-05-08 03:54 - 00000000 ____D C:\FRST
2016-05-08 03:53 - 2016-05-08 03:54 - 02379264 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-05-08 02:54 - 2016-05-08 02:54 - 00000000 ____D C:\Users\Owner\Downloads\HP Downloads
2016-05-08 02:53 - 2016-05-08 02:53 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\Owner\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-05-08 02:41 - 2016-05-08 02:41 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-08 02:41 - 2016-05-08 02:41 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-08 02:40 - 2016-05-08 03:45 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-08 02:40 - 2016-05-08 03:20 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-08 02:40 - 2016-05-08 02:40 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2016-05-08 02:40 - 2016-05-08 02:40 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-08 02:40 - 2016-05-08 02:40 - 00003734 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 00:45 - 2016-05-08 00:45 - 00016100 _____ C:\WINDOWS\system32\.crusader
2016-05-08 00:30 - 2016-05-08 00:45 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-08 00:22 - 2016-05-08 00:22 - 00000000 ____D C:\WINDOWS\system32\hyg
2016-05-07 23:57 - 2016-05-08 01:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-07 23:57 - 2016-05-07 23:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-07 23:57 - 2016-05-07 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-07 23:57 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-07 23:57 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-07 23:57 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-07 23:50 - 2016-05-07 23:50 - 00000000 ____D C:\WINDOWS\system32\nuh
2016-05-07 23:43 - 2016-05-08 03:16 - 00000000 ____D C:\AdwCleaner
2016-05-07 23:42 - 2016-05-07 23:42 - 00000000 ____D C:\bin
2016-05-07 23:30 - 2016-05-07 23:30 - 00000000 ____D C:\WINDOWS\system32\dokj
2016-05-07 23:22 - 2016-05-07 23:22 - 00000000 ____D C:\Program Files (x86)\SEARCH~1
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257E48
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257640
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01212C50
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow0000021444AE1378
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow0000021444ACA808
2016-05-07 23:07 - 2016-05-07 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MCorp
2016-05-07 23:02 - 2016-05-07 00:14 - 00303226 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-07 22:59 - 2016-05-07 22:59 - 00000000 ____D C:\WINDOWS\system32\rive
2016-05-07 22:59 - 2016-05-07 22:59 - 00000000 ____D C:\WINDOWS\system32\hidg
2016-05-07 22:58 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Fofrefleab
2016-05-07 22:58 - 2016-05-08 00:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GyicloXieow
2016-05-07 22:58 - 2016-05-07 22:58 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-05-07 22:57 - 2016-05-07 22:57 - 00000000 ____H C:\WINDOWS\system32\BITE017.tmp
2016-05-07 22:56 - 2016-05-07 13:33 - 00305980 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-07 22:50 - 2016-05-07 22:45 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-05-07 22:48 - 2016-05-07 23:01 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForOwner.job
2016-05-07 22:48 - 2016-05-07 22:48 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForOwner
2016-05-07 22:47 - 2016-05-07 22:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-07 22:45 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Vhmecapout
2016-05-07 22:45 - 2016-05-07 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder
2016-05-07 22:45 - 2016-05-07 22:45 - 00000000 ____D C:\uninst
2016-05-07 22:37 - 2016-05-07 22:37 - 00000000 ____D C:\Users\Owner\Downloads\Future - EVOL (2016)
2016-05-07 22:37 - 2016-02-16 18:09 - 00000000 ____D C:\Users\Owner\Future - EVOL (2016)
2016-05-06 15:44 - 2016-05-06 15:44 - 00563712 _____ C:\WINDOWS\system32\bitst.exe
2016-04-15 07:55 - 2016-04-15 07:55 - 00025976 _____ C:\Users\Owner\Downloads\AcordFormPDF.PDF
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-08 03:32 - 2014-07-26 12:52 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-05-08 03:23 - 2014-08-30 11:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-05-08 03:20 - 2016-02-06 13:58 - 00000000 ____D C:\Users\Owner\Documents\Youcam
2016-05-08 03:17 - 2016-02-26 05:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-08 03:17 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-08 03:17 - 2015-07-30 22:53 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-05-08 02:57 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-08 02:55 - 2013-08-31 23:49 - 00000000 ____D C:\SWSetup
2016-05-08 02:53 - 2014-07-26 12:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2016-05-08 02:51 - 2014-08-30 11:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-08 02:41 - 2014-08-29 20:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-08 02:41 - 2014-08-29 20:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-05-08 02:39 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-08 02:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-08 02:39 - 2014-07-26 12:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2016-05-08 02:28 - 2014-07-26 12:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Synaptics
2016-05-08 02:11 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-08 01:50 - 2016-02-26 07:58 - 00000000 ____D C:\Windows.old
2016-05-08 00:22 - 2013-09-06 13:11 - 00000000 ____D C:\WINDOWS\en
2016-05-07 23:57 - 2016-03-13 22:08 - 00000000 ____D C:\ProgramData\TechSmith
2016-05-07 23:57 - 2014-04-17 08:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-07 23:56 - 2016-03-13 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\TechSmith
2016-05-07 23:08 - 2016-02-26 05:13 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-07 22:48 - 2016-02-26 05:14 - 00000000 ____D C:\Users\Owner
2016-05-07 22:43 - 2015-07-30 23:19 - 00002370 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-07 22:43 - 2014-07-27 16:39 - 00000000 ___RD C:\Users\Owner\OneDrive
2016-05-07 22:19 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-07 22:19 - 2013-09-06 13:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-07 20:29 - 2014-07-26 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-07 19:49 - 2014-07-26 12:52 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0FC62657-39F9-4780-BE35-FCB8108D6A8F}
2016-05-07 19:48 - 2014-07-26 14:51 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-07 19:43 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-07 19:41 - 2014-07-27 16:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-07 19:40 - 2016-03-13 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-04-22 03:57 - 2015-08-01 09:22 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-12-30 22:57 - 2014-12-30 22:57 - 0000047 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\DdneerHbHh.exe
C:\Users\Owner\AppData\Local\Temp\FlmWzYxlcu.exe
C:\Users\Owner\AppData\Local\Temp\fMl19Cw1pM.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\p4yumra9of.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-08 01:46
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by Owner (2016-05-08 03:55:24)
Running from C:\Users\Owner\Downloads
Windows 10 Home Version 1511 (X64) (2016-02-26 09:41:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2859492347-3794133011-314991818-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2859492347-3794133011-314991818-503 - Limited - Disabled)
Guest (S-1-5-21-2859492347-3794133011-314991818-501 - Limited - Disabled)
Owner (S-1-5-21-2859492347-3794133011-314991818-1002 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{05D12146-31FA-CB4C-C780-8E450FCC5F2E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.2.8.17 - HP)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:  - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WebOptimum (x32 Version: 1.0.0.0 - bscodecs.com) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2859492347-3794133011-314991818-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EF637E-87B7-4664-A24F-F19DC0B74569} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1C67FE20-F362-4B80-8258-3DEFF57A886C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {20C3F2C3-5ED7-4AEE-980B-B246CF25C8F8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {243259C4-811E-463C-98D3-27D59DCAE613} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {314C3487-EDB3-4729-90D7-64E0DB6F3A98} - \WSE_Vosteran -> No File <==== ATTENTION
Task: {4072E425-3709-4938-AA16-C54E31BFE358} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {45C2D3BB-2C4B-4BF6-B174-297738FE6D3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {52C8AF7D-A2B2-4FE8-8AE7-66A02F4E692C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-17] (Microsoft Corporation)
Task: {584ADBEA-495A-4519-BCCC-18F0B8FC9175} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {5B432A5F-1090-46AD-AE0A-1C9C616CDC65} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-05] (Microsoft Corporation)
Task: {60ACA253-7777-46D0-892A-93269EB8315C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62E8C7F1-A615-4751-B72E-D7C3E52BD771} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.)
Task: {649B0A8B-E618-42F8-8782-F4F7EB5A24FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.)
Task: {6FE2FF49-E457-4C0C-AEBE-8298A178E657} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {7ECAB0D0-D9F4-45C7-BD97-C4C83052AF40} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {839CE055-060A-4CA5-BCEC-6E27F776B29A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {868C201A-1007-43D7-889D-9EC7B6255BC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8BF97405-FE69-426D-BDF0-05EA6109518C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {918F94B1-0CDF-4D01-9F0F-839D59A10474} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-07] (Microsoft Corporation)
Task: {9DD059E9-C366-426B-AF3E-2CB450CBA0FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-05] (Microsoft Corporation)
Task: {9E20692A-3883-41AA-AB64-99F619DA9B5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {A843DDD1-4C6E-4680-9F5D-90D400FEAC6C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A9E2CB50-529E-4CE1-BA43-FDB33E6C3596} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {BFAE8453-F223-4921-91E6-4550DE600FC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C23E4938-5CFC-48EA-BE48-9313BA1B88B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {DBE00BD1-85E6-4CB0-B064-0AC4746308C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EC173D43-FAA9-4ADC-B2A2-3EC644D52B29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {F9E05DB6-2A84-46F6-B905-658B7F238257} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {FAE30C0F-A10F-4D3C-8398-0DDED26EB0D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {FBD587F0-BDEB-4E48-8112-F12D9730398E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FF5280E4-802C-419F-BCDD-303505320A13} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-08-19 16:47 - 2013-08-19 16:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-12 03:18 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-02 21:49 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 21:49 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-07 22:43 - 2016-05-07 22:43 - 00959176 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-11-05 10:44 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-07 21:08 - 2016-05-07 21:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-26 07:56 - 2016-02-26 07:56 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 21:31 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-26 07:56 - 2016-02-26 07:56 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-26 07:56 - 2016-02-26 07:56 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-26 07:56 - 2016-02-26 07:56 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-26 07:56 - 2016-02-26 07:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-07 21:08 - 2016-05-07 21:08 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-07 21:08 - 2016-05-07 21:08 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-08 02:41 - 2016-04-27 19:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-08 02:41 - 2016-04-27 19:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2859492347-3794133011-314991818-1002\...\sharepoint.com -> hxxps://knightsucfedu39751.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-05-08 02:05 - 00001534 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
1107.178.255.88 statcounter.com
107.178.255.88 ssl.goo.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
1107.178.255.88 statcounter.com
107.178.255.88 ssl.goo.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
1107.178.255.88 statcounter.com
107.178.255.88 ssl.goo.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
1107.178.255.88 statcounter.com
107.178.255.88 ssl.goo.88 partner.googleadservices.com
107.178.255.88 google-analytics.com127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4640EB8E-F96E-4C11-B4C2-091B6BF67066}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A8C340D0-9639-4CE0-9073-F448FF54ADA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AAD006DC-62A0-485B-918A-57F68BF9C12F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0EC27E9B-AA59-465A-8E6B-F39BCC61B1EA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{288DA778-493F-4CD1-A6FA-8982190DE377}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A992A13F-3422-43F7-904D-ABF794EDED2D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FE3D4655-FABC-427A-A463-A073D0636888}] => (Allow) LPort=2869
FirewallRules: [{CD02FAA6-18F0-444F-BA24-F1E627044DB8}] => (Allow) LPort=1900
FirewallRules: [{B272E049-AB0D-46D7-BD1E-0D445631900D}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{1F721E72-4B6D-4F75-9CFF-C40C946A3ABD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{32A043B5-CD33-4798-8F62-24220613845C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{AA4749F9-0BA0-484F-B71E-72F0B66708A8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{F1A3CBA8-D80E-4843-84BB-95BECF2D607D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{83ADD45D-ABC0-4EFB-A9D3-35893E0CBF97}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{BEDDA5B2-1F45-488D-93BD-D76ABDB7B472}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B736A58-9390-4B43-A039-04DB124C7330}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3478E2A3-FF02-4B02-9D6C-6EA5DB94191C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC0FC0B1-7307-4259-B1C3-689D6AFE1A83}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CDEEA4D-1049-4EAF-A5E2-4C67F5A8A266}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D003FF39-57EB-4FAF-BFE7-9FE8CB56EE8C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0B2AB220-8789-4770-8392-D22FB2D44D44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3C47396D-5BB2-40CB-A1EB-A1172C5B2D66}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{01B092A6-C67A-4BDA-870A-A275CE3055A3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5ADE04F5-C594-4973-BF86-6188C528778E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4EFACAB7-F7EE-4BF8-B9B0-9C5BDC228675}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{B4AD23C9-BDE3-4ED9-AF86-FC73E96C4DF6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E5E03C7B-52A5-4B76-8C2B-98A6DBDB4D2B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{60F040DD-4020-4183-8CBE-E88D3EFBBAEE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{25FFECA2-2856-49AA-96E2-89946A58C120}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{FE776C12-A14C-4D0C-AF7E-552AFBDEC73A}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{11A872F6-75CB-46BE-AFD0-FA16E08B9D6A}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{E9BACD5C-BEEA-4776-B3F9-137184A85F55}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9D8B40C-1D8A-4B2C-8754-7FE24AC4A2EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F9084AC-1CF5-467E-B3DD-6AC8B0A2AB5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{78148FC8-0453-4422-BBFA-FA974AE25B44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00C3DD54-03D2-41E3-AFE5-72DDA481DF8C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A4DB980D-0720-4B3D-A99C-A246556FF9BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-03-2016 21:23:58 Windows Update
17-03-2016 21:01:37 Windows Update
17-03-2016 21:03:02 Installed iTunes
29-03-2016 21:30:38 Windows Update
15-04-2016 07:50:51 Windows Update
07-05-2016 19:47:10 Windows Update
08-05-2016 01:16:09 JRT Pre-Junkware Removal
08-05-2016 02:20:25 JRT Pre-Junkware Removal
08-05-2016 03:22:15 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/08/2016 03:22:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (05/08/2016 03:17:58 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 03:01:30 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 03:00:24 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 02:44:17 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 02:44:08 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 02:30:41 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 02:20:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (05/08/2016 02:15:17 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
 
Error: (05/08/2016 02:14:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (05/08/2016 03:21:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (05/08/2016 03:18:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zenbuc service failed to start due to the following error: 
%%2
 
Error: (05/08/2016 03:18:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Scheduler service failed to start due to the following error: 
%%2
 
Error: (05/08/2016 03:18:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126
 
Error: (05/08/2016 03:17:06 AM) (Source: DCOM) (EventID: 10010) (User: HP-PC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (05/08/2016 03:17:06 AM) (Source: DCOM) (EventID: 10010) (User: HP-PC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (05/08/2016 03:17:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3c470 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/08/2016 03:17:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3c470 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/08/2016 03:17:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3c470 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/08/2016 03:17:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3c470 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-08 01:14:57.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-05-07 23:11:04.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-07 23:10:43.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-05-07 22:54:05.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 22:54:05.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 22:54:05.116
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 22:54:04.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 22:54:04.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 22:54:04.164
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-07 22:54:02.556
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 48%
Total physical RAM: 3270.26 MB
Available physical RAM: 1676.49 MB
Total Virtual: 3846.26 MB
Available Virtual: 2242.96 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:676.68 GB) (Free:603.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 429EAAF4)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 


#4 satchfan (Malware Response Team, 2,797 posts, Devon, UK)

Posted 08 May 2016 - 10:01 AM

There’s a fair bit to clean up, but there are a couple of folders that don’t have default names, so I’d like to see what’s in them before I send “fix” instructions.

Please download SystemLook from the link below and save it to your Desktop.

SystemLook (64-bit)

  • double-click SystemLook.exe to run it.
  • copy the content of the following code box into the main text field - please make sure you include the colon (:) at the beginning:
    :dir /s
    C:\Users\Owner\AppData\Roaming\MCorp
    C:\Users\Owner\AppData\Local\Tempfolder
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

I will be gone for a while now but will send further instructions later.

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 ecanela2507 (Topic Starter, Members, 13 posts)

Posted 08 May 2016 - 10:23 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 11:22 on 08/05/2016 by Owner
Administrator - Elevation successful
 
Invalid Context: dir /s
 
No Context: C:\Users\Owner\AppData\Roaming\MCorp
 
No Context: C:\Users\Owner\AppData\Local\Tempfolder
 
-= EOF =-


#6 satchfan (Malware Response Team, 2,797 posts, Devon, UK)

Posted 08 May 2016 - 11:12 AM

Apologies, I think I've been in the sun too long or something because I gave you the wrong directive. It should be:

:dir
C:\Users\Owner\AppData\Roaming\MCorp /s
C:\Users\Owner\AppData\Local\Tempfolder /s

You caught me just as I was about to leave but I'll be back later.

 

 




#7 ecanela2507 (Topic Starter, Members, 13 posts)

Posted 08 May 2016 - 11:19 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 12:18 on 08/05/2016 by Owner
Administrator - Elevation successful
 
========== dir ==========
 
C:\Users\Owner\AppData\Roaming\MCorp - Parameters: "/s"
 
---Files---
None found.
 
C:\Users\Owner\AppData\Roaming\MCorp\1147 d------ [03:07 08/05/2016]
udpx --a---- 8 bytes [03:07 08/05/2016] [03:07 08/05/2016]
 
C:\Users\Owner\AppData\Local\Tempfolder - Parameters: "/s"
 
---Files---
None found.
 
No folders found.
 
-= EOF =-
 
and thanks for the speedy replies
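The two SystemLook runs above (posts #5 and #7) show the directive format the tool expects: a line beginning with a colon names a context (here :dir), the lines after it are that context's arguments, and a flag such as /s goes at the end of each argument line rather than on the context line. Putting /s on the context line is exactly what produced "Invalid Context: dir /s" in post #5, and because no valid context had been opened the two paths were reported as "No Context". The script below is an added example, not part of the thread and not SystemLook's own code: it lints a directive against those rules before you paste it, and rewrites the broken form into the corrected one from post #6. The rules, the set of known contexts ({"dir"}) and the set of known flags ({"/s"}) are inferred from what the thread shows and are assumptions; SystemLook has other contexts that are not modelled here.

```python
"""Lint and repair a SystemLook directive. Added example for this thread; the rules,
KNOWN_CONTEXTS and KNOWN_FLAGS are inferred from the two runs posted above (assumptions)."""
import re

KNOWN_CONTEXTS = {"dir"}   # only ':dir' appears in the thread; other contexts are not assumed
KNOWN_FLAGS = {"/s"}       # only /s (recurse) appears in the thread
_ARG = re.compile(r"^(?P<path>.*?)(?P<flags>(?:\s+/\w+)*)$")   # path, then trailing /flags
_WIN_PATH = re.compile(r"^[A-Za-z]:\\")


def split_argument(line):
    """'C:\\Program Files (x86)\\Foo /s' -> ('C:\\Program Files (x86)\\Foo', ['/s']); paths may contain spaces."""
    m = _ARG.match(line)
    return m["path"].strip(), m["flags"].split()


def lint_directive(text):
    """Diagnostics in the wording SystemLook used in the thread; an empty list means well formed."""
    problems, context = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            name, _, rest = line[1:].partition(" ")
            if rest.strip():                       # ':dir /s': flags on the context line
                problems.append(f"line {n}: Invalid Context: {line[1:]}")
                context = None
            elif name.lower() not in KNOWN_CONTEXTS:
                problems.append(f"line {n}: unknown context :{name}")
                context = None
            else:
                context = name.lower()
            continue
        if context is None:                        # argument with no valid context above it
            problems.append(f"line {n}: No Context: {line}")
            continue
        path, flags = split_argument(line)
        if not _WIN_PATH.match(path):
            problems.append(f"line {n}: not an absolute Windows path: {path}")
        problems.extend(f"line {n}: unknown flag {f}" for f in flags if f.lower() not in KNOWN_FLAGS)
    return problems


def rewrite_directive(text):
    """Move flags written on a context line (':dir /s') onto each argument line that follows it."""
    out, carried = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            name, _, rest = line[1:].partition(" ")
            carried = rest.split()
            out.append(":" + name)
            continue
        path, flags = split_argument(line)
        out.append(" ".join([path, *flags, *(f for f in carried if f not in flags)]))
    return "\n".join(out)


# The directive from post #4 (rejected by SystemLook) and the corrected one from post #6.
BROKEN_DIRECTIVE = r""":dir /s
C:\Users\Owner\AppData\Roaming\MCorp
C:\Users\Owner\AppData\Local\Tempfolder
"""
FIXED_DIRECTIVE = r""":dir
C:\Users\Owner\AppData\Roaming\MCorp /s
C:\Users\Owner\AppData\Local\Tempfolder /s
"""
```

Run lint_directive on the text before pasting it into SystemLook; if it returns anything, rewrite_directive fixes the one mistake this thread hit (flags on the context line) and the result lints clean.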


#8 satchfan (Malware Response Team, 2,797 posts, Devon, UK)

Posted 08 May 2016 - 04:31 PM

thanks for the speedy replies

I try my best but I'm in the UK and so sometimes a delay may be inevitable.

 

================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible; otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select 'Run as Administrator'
  • after it has completed its prescan click on the “Registry” tab
  • make sure these entries are checked, then click on Delete:

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Zenbuc ("C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Zenbuc ("C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found


Please include the Delete log in your next post.

================================================

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

HKLM-x32\...\RunOnce: [systwin] => "systwin.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2859492347-3794133011-314991818-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2859492347-3794133011-314991818-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir="
S2 Scheduler; "C:\Program Files (x86)\Windriver\Scheduler.Service.exe" [X]
S2 Zenbuc; "C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms [X]
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
2016-05-07 23:30 - 2016-05-07 23:30 - 00000000 ____D C:\WINDOWS\system32\dokj
2016-05-07 23:22 - 2016-05-07 23:22 - 00000000 ____D C:\Program Files (x86)\SEARCH~1
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257E48
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257640
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01212C50
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow0000021444AE1378
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow0000021444ACA808
2016-05-07 23:07 - 2016-05-07 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MCorp
2016-05-07 23:02 - 2016-05-07 00:14 - 00303226 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-07 22:59 - 2016-05-07 22:59 - 00000000 ____D C:\WINDOWS\system32\rive
2016-05-07 22:59 - 2016-05-07 22:59 - 00000000 ____D C:\WINDOWS\system32\hidg
2016-05-07 22:58 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Fofrefleab
2016-05-07 22:58 - 2016-05-08 00:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GyicloXieow
2016-05-07 22:58 - 2016-05-07 22:58 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-05-07 22:57 - 2016-05-07 22:57 - 00000000 ____H C:\WINDOWS\system32\BITE017.tmp
2016-05-07 22:56 - 2016-05-07 13:33 - 00305980 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-07 22:45 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Vhmecapout
2016-05-07 22:45 - 2016-05-07 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder
2016-05-07 22:45 - 2016-05-07 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder
2016-05-07 22:45 - 2016-05-07 22:45 - 00000000 ____D C:\uninst
2016-05-07 22:37 - 2016-05-07 22:37 - 00000000 ____D C:\Users\Owner\Downloads\Future - EVOL (2016)
2016-05-07 22:37 - 2016-02-16 18:09 - 00000000 ____D C:\Users\Owner\Future - EVOL (2016)
2016-05-06 15:44 - 2016-05-06 15:44 - 00563712 _____ C:\WINDOWS\system32\bitst.exe
Task: {00EF637E-87B7-4664-A24F-F19DC0B74569} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1C67FE20-F362-4B80-8258-3DEFF57A886C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {243259C4-811E-463C-98D3-27D59DCAE613} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {314C3487-EDB3-4729-90D7-64E0DB6F3A98} - \WSE_Vosteran -> No File <==== ATTENTION
Task: {839CE055-060A-4CA5-BCEC-6E27F776B29A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {868C201A-1007-43D7-889D-9EC7B6255BC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BFAE8453-F223-4921-91E6-4550DE600FC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DBE00BD1-85E6-4CB0-B064-0AC4746308C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FBD587F0-BDEB-4E48-8112-F12D9730398E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FF5280E4-802C-419F-BCDD-303505320A13} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Users\Owner\AppData\Local\Temp\DdneerHbHh.exe
C:\Users\Owner\AppData\Local\Temp\FlmWzYxlcu.exe
C:\Users\Owner\AppData\Local\Temp\fMl19Cw1pM.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\p4yumra9of.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Hosts:
EmptyTemp

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64, then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Logs to include with next post:

RogueKiller delete log
Fixlog.txt


Thanks

Satchfan

 

 


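The fixlist above is assembled from FRST.txt lines, and choosing them is the judgement call in this kind of cleanup: a service whose image sits under a user profile (Zenbuc), a RunOnce entry that names a bare executable with no directory (systwin.exe), folders and binaries created within the same hour with random-looking names, scheduled tasks whose file is gone, and browser settings pointing at an unfamiliar host. The script below is an added example, my own heuristics and not FRST's logic or satchfan's method: it scores each FRST.txt line and records why, so the candidates for a fixlist stand out. SAMPLE_FRST is a constructed excerpt of lines quoted in this thread (one long Vosteran URL shortened). Assumptions: the KNOWN_GOOD_HOSTS allowlist, reading FRST's [X] marker as "file missing", the 60-minute / 5-entry burst threshold, and the looks_random name test, which is a weak signal that also fires on some legitimate CamelCase names.

```python
"""Score FRST.txt lines and say why, so the entries that belong in a fixlist stand out.
Added example for this thread: the heuristics are my own, not FRST's; SAMPLE_FRST is a
constructed excerpt of lines quoted above (one Vosteran URL shortened)."""
import re
from datetime import datetime, timedelta

USER_WRITABLE = re.compile(r"^[a-z]:\\users\\", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows(\\system32)?\\[^\\]+$", re.I)
# Assumed allowlist for start pages and search providers; anything else is a lead, not a verdict.
KNOWN_GOOD_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}
ENTRY = {  # one regex per FRST line type handled here; first match wins
    "run": re.compile(r"^HK\S+?\\\.\.\.\\Run(?:Once)?: \[[^\]]+\] => (?P<cmd>.*)$"),
    "service": re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<image>.+?)(?P<missing> \[X\])?$"),
    "file": re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \S+ \S+ - \d{8} \S+ (?:\([^)]*\) )?(?P<path>.+)$"),
    "task": re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) -> (?P<target>.*?)(?: <==== ATTENTION)?$"),
    "url": re.compile(r"^(?:CHR \w+|SearchScopes): .*?hxxps?://(?P<host>[^/\"\s]+)"),
    "path": re.compile(r"^(?P<path>[a-z]:\\\S.*)$", re.I),
}


def looks_random(name):
    """Weak signal: digits wedged between letters, or two or more lower->upper flips in the stem."""
    stem = name.rsplit(".", 1)[0]
    return bool(re.search(r"[A-Za-z]\d+[A-Za-z]", stem)) or len(re.findall(r"[a-z][A-Z]", stem)) >= 2


def creation_bursts(lines, window=timedelta(minutes=60), min_entries=5):
    """Creation timestamps that fall inside any window holding >= min_entries new files or folders."""
    stamps = sorted(datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
                    for m in map(ENTRY["file"].match, lines) if m)
    flagged = set()
    for i, start in enumerate(stamps):
        j = i
        while j < len(stamps) and stamps[j] - start <= window:
            j += 1
        if j - i >= min_entries:
            flagged.update(stamps[i:j])
    return flagged


def score_line(line, bursts):
    """Return (kind, score, reasons) for one FRST.txt line."""
    matches = ((k, rx.match(line)) for k, rx in ENTRY.items())
    kind, m = next(((k, m) for k, m in matches if m), ("other", None))
    hits = []
    if kind == "run":
        if "\\" not in m["cmd"].strip('"'):
            hits.append((3, "autorun command has no directory, so it is resolved through the search path"))
    elif kind == "service":
        if USER_WRITABLE.match(m["image"].lstrip('"')):
            hits.append((3, "service image lives under a user profile"))
        if m["missing"]:
            hits.append((1, "service registration outlives its binary ([X], read here as file missing)"))
    elif kind == "file":
        path = m["path"]
        if SYSTEM_DIR.match(path):
            hits.append((2, "new item dropped directly into a system directory"))
        elif USER_WRITABLE.match(path) and "\\AppData\\" in path:
            hits.append((1, "new item under AppData"))
        if looks_random(path.rsplit("\\", 1)[-1]):
            hits.append((1, "random-looking name"))
        if datetime.strptime(m["created"], "%Y-%m-%d %H:%M") in bursts:
            hits.append((1, "created in the same burst as other new items"))
    elif kind == "task":
        if m["target"] == "No File":
            hits.append((1, "orphaned task (No File)"))
        if not m["name"].lower().startswith("\\microsoft\\"):
            hits.append((1, "task outside the \\Microsoft\\ tree"))
    elif kind == "url":
        if m["host"].lower() not in KNOWN_GOOD_HOSTS:
            hits.append((2, "browser/search setting points at " + m["host"]))
    elif kind == "path":
        path = m["path"]
        if USER_WRITABLE.match(path) and "\\Temp\\" in path and path.lower().endswith((".exe", ".dll")):
            hits.append((1, "loose binary in a Temp directory"))
        if looks_random(path.rsplit("\\", 1)[-1]):
            hits.append((1, "random-looking name"))
    return kind, sum(p for p, _ in hits), [r for _, r in hits]


def triage(text):
    """Score every non-empty line; highest score first, ties keep log order."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    bursts = creation_bursts(lines)
    rows = [dict(zip(("kind", "score", "why"), score_line(l, bursts)), line=l) for l in lines]
    return sorted(rows, key=lambda r: -r["score"])


SAMPLE_FRST = r"""
HKLM-x32\...\RunOnce: [systwin] => "systwin.exe"
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_forstw01_15_01_ch
S2 Zenbuc; "C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms [X]
2016-05-07 23:30 - 2016-05-07 23:30 - 00000000 ____D C:\WINDOWS\system32\dokj
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257E48
2016-05-07 23:02 - 2016-05-07 00:14 - 00303226 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-07 22:58 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Fofrefleab
2016-05-07 22:56 - 2016-05-07 13:33 - 00305980 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-06 15:44 - 2016-05-06 15:44 - 00563712 _____ C:\WINDOWS\system32\bitst.exe
Task: {00EF637E-87B7-4664-A24F-F19DC0B74569} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {314C3487-EDB3-4729-90D7-64E0DB6F3A98} - \WSE_Vosteran -> No File <==== ATTENTION
C:\Users\Owner\AppData\Local\Temp\DdneerHbHh.exe
EmptyTemp
"""
```

Call triage(SAMPLE_FRST) and read the rows with a non-zero score; the reasons are the argument for or against putting a line in the fixlist. A high score is a prompt to look, not a verdict: a path under a user profile is a signal here because the Zenbuc image sits there, but the HP Connected Music and SkyDrive firewall rules earlier in this thread also point under %LocalAppData% and are legitimate, and the orphaned GWX tasks score low because they are Microsoft leftovers rather than persistence.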


#9 ecanela2507 (Topic Starter, Members, 13 posts)

Posted 08 May 2016 - 05:21 PM

When I went to select the four files from RogueKiller I accidentally forgot to click the first one. I ran RogueKiller again thinking it would show up and then delete it, but after I ran the scan it came back with 0 threats.

 

RogueKiller V12.1.5.0 [May  2 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/08/2016 17:54:04
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Zenbuc ("C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Zenbuc ("C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms) -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> ERROR [2]
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541075A9E680 SATA Disk Device +++++
--- User ---
[MBR] 51151b5ae2a4da61795c083f8ec2bcf4
[BSP] fce01d35831ca999a72f5c98e750e15a : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 692922 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1420722176 | Size: 847 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1422456832 | Size: 20845 MB
User = LL1 ... OK
User = LL2 ... OK
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by Owner (2016-05-08 18:17:51) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\RunOnce: [systwin] => "systwin.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2859492347-3794133011-314991818-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2859492347-3794133011-314991818-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_forstw01_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtA0BtD0CtAyC0E0D0FtN0D0Tzu0StCtDzyyEtN1L2XzutAtFyBtFtDtFtCtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0FtByEtCyCtDyBtGtAyC0AzytGtA0A0A0CtGyDzyzyyEtGyDtC0FyByD0FtD0DtByCzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0B0A0FyCyB0DtAtGtB0E0BtCtGyEtAtCyEtGzztCtA0CtGyD0Bzz0D0DyEyC0FtAyBzz0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1508836986&ir="
S2 Scheduler; "C:\Program Files (x86)\Windriver\Scheduler.Service.exe" [X]
S2 Zenbuc; "C:\Users\Owner\AppData\Roaming\JepqoeJuumidi\Mikjo.exe" -cms [X]
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
2016-05-07 23:30 - 2016-05-07 23:30 - 00000000 ____D C:\WINDOWS\system32\dokj
2016-05-07 23:22 - 2016-05-07 23:22 - 00000000 ____D C:\Program Files (x86)\SEARCH~1
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257E48
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01257640
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow01212C50
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow0000021444AE1378
2016-05-07 23:19 - 2016-05-07 23:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow0000021444ACA808
2016-05-07 23:07 - 2016-05-07 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MCorp
2016-05-07 23:02 - 2016-05-07 00:14 - 00303226 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-05-07 22:59 - 2016-05-07 22:59 - 00000000 ____D C:\WINDOWS\system32\rive
2016-05-07 22:59 - 2016-05-07 22:59 - 00000000 ____D C:\WINDOWS\system32\hidg
2016-05-07 22:58 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Fofrefleab
2016-05-07 22:58 - 2016-05-08 00:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GyicloXieow
2016-05-07 22:58 - 2016-05-07 22:58 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-05-07 22:57 - 2016-05-07 22:57 - 00000000 ____H C:\WINDOWS\system32\BITE017.tmp
2016-05-07 22:56 - 2016-05-07 13:33 - 00305980 _____ ( ) C:\WINDOWS\systwin.exe
2016-05-07 22:45 - 2016-05-08 00:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Vhmecapout
2016-05-07 22:45 - 2016-05-07 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder
2016-05-07 22:45 - 2016-05-07 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder
2016-05-07 22:45 - 2016-05-07 22:45 - 00000000 ____D C:\uninst
2016-05-07 22:37 - 2016-05-07 22:37 - 00000000 ____D C:\Users\Owner\Downloads\Future - EVOL (2016)
2016-05-07 22:37 - 2016-02-16 18:09 - 00000000 ____D C:\Users\Owner\Future - EVOL (2016)
2016-05-06 15:44 - 2016-05-06 15:44 - 00563712 _____ C:\WINDOWS\system32\bitst.exe
Task: {00EF637E-87B7-4664-A24F-F19DC0B74569} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1C67FE20-F362-4B80-8258-3DEFF57A886C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {243259C4-811E-463C-98D3-27D59DCAE613} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {314C3487-EDB3-4729-90D7-64E0DB6F3A98} - \WSE_Vosteran -> No File <==== ATTENTION
Task: {839CE055-060A-4CA5-BCEC-6E27F776B29A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {868C201A-1007-43D7-889D-9EC7B6255BC6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BFAE8453-F223-4921-91E6-4550DE600FC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DBE00BD1-85E6-4CB0-B064-0AC4746308C3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FBD587F0-BDEB-4E48-8112-F12D9730398E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FF5280E4-802C-419F-BCDD-303505320A13} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Users\Owner\AppData\Local\Temp\DdneerHbHh.exe
C:\Users\Owner\AppData\Local\Temp\FlmWzYxlcu.exe
C:\Users\Owner\AppData\Local\Temp\fMl19Cw1pM.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\p4yumra9of.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Hosts:
EmptyTemp
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\systwin => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2859492347-3794133011-314991818-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKU\S-1-5-21-2859492347-3794133011-314991818-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2859492347-3794133011-314991818-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Scheduler => service removed successfully
Zenbuc => service not found.
SmbDrv => service removed successfully
SmbDrvI => service removed successfully
C:\WINDOWS\system32\dokj => moved successfully
C:\Program Files (x86)\SEARCH~1 => moved successfully
C:\Users\Owner\AppData\LocalLow01257E48 => moved successfully
C:\Users\Owner\AppData\LocalLow01257640 => moved successfully
C:\Users\Owner\AppData\LocalLow01212C50 => moved successfully
C:\Users\Owner\AppData\LocalLow0000021444AE1378 => moved successfully
C:\Users\Owner\AppData\LocalLow0000021444ACA808 => moved successfully
C:\Users\Owner\AppData\Roaming\MCorp => moved successfully
C:\WINDOWS\AdBlock.exe => moved successfully
C:\WINDOWS\system32\rive => moved successfully
C:\WINDOWS\system32\hidg => moved successfully
C:\Users\Owner\AppData\Roaming\Fofrefleab => moved successfully
C:\Users\Owner\AppData\Roaming\GyicloXieow => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
C:\WINDOWS\system32\BITE017.tmp => moved successfully
C:\WINDOWS\systwin.exe => moved successfully
C:\Users\Owner\AppData\Roaming\Vhmecapout => moved successfully
C:\Users\Owner\AppData\Local\Tempfolder => moved successfully
"C:\Users\Owner\AppData\Local\Tempfolder" => not found.
C:\uninst => moved successfully
C:\Users\Owner\Downloads\Future - EVOL (2016) => moved successfully
C:\Users\Owner\Future - EVOL (2016) => moved successfully
C:\WINDOWS\system32\bitst.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00EF637E-87B7-4664-A24F-F19DC0B74569}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00EF637E-87B7-4664-A24F-F19DC0B74569}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C67FE20-F362-4B80-8258-3DEFF57A886C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C67FE20-F362-4B80-8258-3DEFF57A886C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{243259C4-811E-463C-98D3-27D59DCAE613}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{243259C4-811E-463C-98D3-27D59DCAE613}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{314C3487-EDB3-4729-90D7-64E0DB6F3A98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{314C3487-EDB3-4729-90D7-64E0DB6F3A98}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{839CE055-060A-4CA5-BCEC-6E27F776B29A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{839CE055-060A-4CA5-BCEC-6E27F776B29A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{868C201A-1007-43D7-889D-9EC7B6255BC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{868C201A-1007-43D7-889D-9EC7B6255BC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFAE8453-F223-4921-91E6-4550DE600FC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFAE8453-F223-4921-91E6-4550DE600FC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBE00BD1-85E6-4CB0-B064-0AC4746308C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBE00BD1-85E6-4CB0-B064-0AC4746308C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBD587F0-BDEB-4E48-8112-F12D9730398E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBD587F0-BDEB-4E48-8112-F12D9730398E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF5280E4-802C-419F-BCDD-303505320A13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF5280E4-802C-419F-BCDD-303505320A13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\Users\Owner\AppData\Local\Temp\DdneerHbHh.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\FlmWzYxlcu.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\fMl19Cw1pM.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\p4yumra9of.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp => Error: No automatic fix found for this entry.
 
==== End of Fixlog 18:17:59 ====
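As an added example, not part of this thread and not FRST's own code: a read-only PowerShell check that could be run after a Fixlog like the one above, listing scheduled tasks whose target executable no longer exists (the condition FRST flags as "-> No File") and every Run/RunOnce value in both the 32-bit and 64-bit registry views (the Fixlog removed one under WOW6432Node\...\RunOnce). It only reports; removal is left to the tools the thread uses. Get-ScheduledTask needs Windows 8 / Server 2012 or later.

```powershell
# Added example (not FRST's code, not part of this thread): re-check two
# persistence spots after a cleanup. Read-only; nothing is deleted.
# Requires Windows 8 / Server 2012 or later for Get-ScheduledTask.

function Resolve-ActionPath {
    param([string]$Execute)
    # Strip surrounding quotes and expand %SystemRoot%-style variables.
    $p = $Execute.Trim().Trim('"')
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Find-OrphanedTasks {
    # Flag each task action whose executable cannot be found on disk,
    # the same condition FRST reports as "-> No File".
    $orphans = @()
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no path
            $path = Resolve-ActionPath $action.Execute
            # A bare name such as "cmd.exe" resolves through PATH; skip those.
            if (-not [IO.Path]::IsPathRooted($path)) { continue }
            if (-not (Test-Path -LiteralPath $path)) {
                $orphans += [pscustomobject]@{
                    TaskPath = $task.TaskPath
                    TaskName = $task.TaskName
                    Missing  = $path
                }
            }
        }
    }
    return $orphans
}

function Get-RunKeyEntries {
    # List every Run/RunOnce value, 32- and 64-bit views, for HKLM and the current user.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Properties the registry provider adds to every object; they are not values.
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -in $providerProps) { continue }
            [pscustomobject]@{
                Key   = $key
                Name  = $name
                Value = $props.$name
            }
        }
    }
}

"== Scheduled tasks whose target is missing =="
Find-OrphanedTasks | Format-Table -AutoSize
"== Run / RunOnce entries =="
Get-RunKeyEntries | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM tasks and keys are readable; anything it lists is a candidate to compare against the Fixlog, not an automatic removal.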


#10 ecanela2507

ecanela2507
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 08 May 2016 - 07:32 PM

Also, this just happened: Chrome quit on me, a command prompt opened, and I couldn't copy what it said before it closed. I then opened Chrome, which opened fine; however, a new browser called "browserair" opened as well. I closed it and it hasn't reopened, and Chrome is working fine so far, though it still opens random ads occasionally when browsing.


Edited by ecanela2507, 08 May 2016 - 07:33 PM.


#11 satchfan

satchfan

  • Malware Response Team
  • 2,797 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:46 AM

Posted 09 May 2016 - 02:54 AM

I think that uninstalling Chrome may be the best answer. You cannot remove some Chrome problems except with an uninstall/re-install of Chrome (even though Google have been aware of this since 2008 and haven't bothered to do anything about it).

Uninstall/Reinstall Google Chrome

First save all your bookmarks/favourites.

  • open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager
  • click on Organise and then select Export Bookmarks to HTML file, then choose Desktop to save it
  • again, click on the three bars in the top right hand corner and select Settings
  • in the list of Settings under “Sign in” click on Disconnect your Google Account – (if “Disconnect your Google Account” is not there, you will have to sign in using your Chrome username and password first to make it visible)
  • in the text of the next window click on “Google Dashboard” then, at the “Chrome sync” screen, click on Stop and Clear at the bottom
  • a box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step)
  • when confirmation appears close that page and then click on Disconnect account
  • shut Google Chrome, click on Start > Control Panel > Programs and Features (or Add/Remove Programs in XP) and uninstall Google Chrome. Select Everything for removal if asked.

Reboot the system and then reinstall Google Chrome from here

Repeat the process to reinstate your bookmarks by going to Bookmarks > Bookmarks Manager > Organise and select Import Bookmarks.

================================================

Download and run Tweaking.com - Windows Repair

Download Windows Repair from here

  • install and then run the program
  • ignore steps 1-5 and click on + Repair
  • then, in the same window, click on the “Open Repairs” tab:
  • click Start
  • at the “Repair Options” screen, be sure the following is selected:
    14 (Repair Proxy Settings)
  • also check Restart System When Finished.
  • now press Start.

Once that is complete, please let me know what the changes are.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
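As an added example, not part of this thread and not code from Google or Tweaking.com: a read-only PowerShell report of the settings the two procedures above put back by hand, namely Chrome's homepage and start-up URLs from the profile's Preferences files, any Chrome policy values under the registry Policies keys (which a reinstall does not touch, because the installer does not write or clear them), and the WinINET proxy values that Windows Repair's "Repair Proxy Settings" resets. The Default profile path is an assumption stated in the code; the policy names HomepageLocation, RestoreOnStartup and RestoreOnStartupURLs are Chrome's own.

```powershell
# Added example (not part of this thread, not Google's or Tweaking.com's code):
# read back the three settings a browser hijacker typically changes. It only
# reports; it does not change anything.
# Assumption: Chrome's Default profile under %LOCALAPPDATA%; pass -ProfileDir for others.

function Get-ChromeStartupSettings {
    param(
        [string]$ProfileDir = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default')
    )
    $result = [ordered]@{ Homepage = $null; StartupUrls = @(); Source = $null }
    # Chrome keeps these keys in "Preferences" or, for protected settings, in
    # "Secure Preferences"; check both and keep whichever has a value.
    foreach ($file in 'Preferences', 'Secure Preferences') {
        $path = Join-Path $ProfileDir $file
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $json = Get-Content -LiteralPath $path -Raw | ConvertFrom-Json
        if ($json.homepage -and -not $result.Homepage) {
            $result.Homepage = $json.homepage
            $result.Source   = $file
        }
        if ($json.session -and $json.session.startup_urls) {
            $result.StartupUrls += $json.session.startup_urls
        }
    }
    return [pscustomobject]$result
}

function Get-ChromePolicyUrls {
    # Policy values override the UI and are not removed by reinstalling Chrome.
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Policies\Google\Chrome"
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Hive             = $hive
            HomepageLocation = $p.HomepageLocation
            RestoreOnStartup = $p.RestoreOnStartup
        }
        # Start-up URLs are a list: one numbered value per URL under this subkey.
        $urls = Join-Path $key 'RestoreOnStartupURLs'
        if (Test-Path $urls) {
            (Get-ItemProperty -Path $urls).PSObject.Properties |
                Where-Object { $_.Name -notin $providerProps } |
                ForEach-Object { [pscustomobject]@{ Hive = $hive; StartupUrl = $_.Value } }
        }
    }
}

function Get-WinInetProxy {
    # The values that "Repair Proxy Settings" (step 14 in Windows Repair) resets.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

Get-ChromeStartupSettings
Get-ChromePolicyUrls
Get-WinInetProxy
```

Close Chrome before running it so the Preferences files are fully written; a homepage or start-up URL that reappears after the reinstall, or a ProxyServer/AutoConfigURL the user never set, is the kind of leftover the next steps in the thread are meant to catch.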


#12 ecanela2507

ecanela2507
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 09 May 2016 - 02:51 PM

My initial problems are all solved now; I get no ads. However, Chrome won't keep me signed in: every time I close Chrome and reopen it, it asks me to sign in, and the homepage keeps getting reset to "http://www-searching.com/?prd=set_epf&s=g58zftpbl0cshmoao,e2e39059-99e4-4e22-948f-1e3a461c3e2e.". Besides this, everything else seems normal. Another question: is it safe to delete "browserair"? It is still on my desktop.



#13 satchfan

satchfan

  • Malware Response Team
  • 2,797 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:46 AM

Posted 09 May 2016 - 06:03 PM

is it safe to delete "browserair" it is still on my desktop.

Yes

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:
    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
    Note: Do not check Remove found threats
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:
    o    put a checkmark in "Uninstall application on close"
    o    close program
    o    report to me that nothing was found.

If threats were found:
    o    click on "list of threats found"
    o    click on "export to text file" and save it as ESET results and save to the desktop
    o    click on back
    o    put a checkmark in "Uninstall application on close"
    o    click on finish
    o    close program
    o    copy and paste the report here

Logs to include with the next post:

Mbam.txt
Eset result


Can you tell me if there are any outstanding problems.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 ecanela2507

ecanela2507
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 09 May 2016 - 09:11 PM

When I ran MBAM it told me it found 282 threats; after it finished it requested a restart, which I did. When I opened MBAM to open the scan log, it was empty; however, when I opened the protection log I saw that it classified the 282 threats as non-malware. I am posting the protection log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 5/9/2016 8:47 PM, SYSTEM, HP-PC, Manual, Remediation Database, 2016.2.12.1, 2016.5.6.1, 
Update, 5/9/2016 8:47 PM, SYSTEM, HP-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.5.6.1, 
Update, 5/9/2016 8:47 PM, SYSTEM, HP-PC, Manual, Domain Database, 2016.2.16.8, 2016.5.9.4, 
Update, 5/9/2016 8:47 PM, SYSTEM, HP-PC, Manual, Malware Database, 2016.2.16.6, 2016.5.9.6, 
Update, 5/9/2016 8:47 PM, SYSTEM, HP-PC, Manual, IP Database, 2016.2.8.1, 2016.5.8.1, 
Scan, 5/9/2016 9:13 PM, SYSTEM, HP-PC, Manual, Start:5/9/2016 8:48 PM, Duration:23 min 58 sec, Threat Scan, Completed, 0 Malware Detections, 282 Non-Malware Detections, 
 
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\rlz_id.dll.vir Win32/SpeedBit.AL potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\sma.exe.vir a variant of Win64/SpeedBit.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\smci32.dll.vir a variant of Win32/SpeedBit.AI potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\smci64.dll.vir a variant of Win64/SpeedBit.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\smi32.exe.vir a variant of Win32/SpeedBit.AL potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\smi64.exe.vir a variant of Win64/SpeedBit.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\smu.exe.vir a variant of Win64/SpeedBit.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\SMUninstall.exe.vir a variant of Win32/SpeedBit.AI potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Doobzo\GSUpdate\smw.sys.vir a variant of Win64/SpeedBit.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Max Driver Updater\maxdu.exe.vir a variant of Win32/Systweak.R potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Max Driver Updater\uninstaller.exe.vir a variant of MSIL/Injector.ORY trojan
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MyPC Backup\DEL_BackupStackUI.dll.vir a variant of MSIL/MyPCBackup.A potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MyPC Backup\DEL_MyPC Backup.exe.vir MSIL/MyPCBackup.E potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\WSE_Vosteran\uninstall.exe.vir a variant of Win32/InstallCore.ADB potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\ProgramData\smp2.exe.vir a variant of Win32/SpeedBit.AI potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\ProgramData\Service1291\Service1291.exe.vir a variant of Win32/Adware.CouponMarvel.X application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\drivers\bsdpr64.sys.vir a variant of Win64/Riskware.Komodia.F application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\fMl19Cw1pM.exe.xBAD a variant of Win32/Packed.NSISmod.R suspicious application
C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\Fofrefleab\Dopbhla.dll a variant of Win64/TrojanDropper.Addrop.B trojan
C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\Fofrefleab\Dopbhla.exe a variant of Win64/TrojanDropper.Addrop.B trojan
C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\Vhmecapout\Dekeedua.dll a variant of Win64/TrojanDropper.Addrop.B trojan
C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\Vhmecapout\Dekeedua.exe a variant of Win64/TrojanDropper.Addrop.B trojan
 
 
 
(end)

Edited by ecanela2507, 09 May 2016 - 09:11 PM.


#15 satchfan

satchfan

  • Malware Response Team
  • 2,797 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:46 AM

Posted 10 May 2016 - 04:10 AM

That looks fine. All that Eset found is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

Can you tell me if there are any outstanding problems.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.




