Popup: Windows has found an error in xxx.exe Please call (various phone numbers)


This topic is locked
10 replies to this topic

#1 Neil Bradley

  • Members
  • 44 posts

Posted 29 August 2016 - 01:48 PM

The popup displays various file names and numerous different phone numbers each time it appears.

In troubleshooting and attempting to remove this popup, I have performed the following:

1.  Malwarebytes scan.
2.  Avast boot-time scan.
3.  Removed a disabled BHO with a name of only a registry key by deleting the key from the registry.

Both Malwarebytes and Avast have found and removed "PUP" type infections, but the popup still comes back.

I have run FRST and also did a HijackThis scan, both of which are attached.

Neil

 

Attached Files




#2 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 August 2016 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need to see the FRST.txt log created by the Farbar tool.

Please post it in your next reply.

I will then review your logs.

#3 Neil Bradley
  • Topic Starter
  • Members
  • 44 posts

Posted 30 August 2016 - 08:17 PM

One additional note: I know I have two antivirus programs installed; I just put Avast on the PC to run the boot-time scan. I will remove it once we are done here.

Neil

<><>

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by Joan (administrator) on JOAN-HP (29-08-2016 13:22:20)
Running from C:\Users\Joan\Desktop
Loaded Profiles: Joan (Available Profiles: Joan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{6D2B8576-3F72-F94C-8234-A4807CA97284}\YSearchUtilSVC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
() C:\Users\Joan\AppData\Roaming\Event Monitor\em.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-29] (AVAST Software)
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\Run: [Chromium] => "c:\users\joan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-29] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{65db09e6-9e47-473d-949c-929b28b2bae2}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{65db09e6-9e47-473d-949c-929b28b2bae2}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{77645b7b-e804-47d8-a83a-3395652000b5}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{77645b7b-e804-47d8-a83a-3395652000b5}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{789b94c6-de2a-45c9-ba78-b2e2bdf1290a}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{789b94c6-de2a-45c9-ba78-b2e2bdf1290a}: [DhcpNameServer] 82.163.142.7
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_2618e394&param1=[...]%3D%3D&param2=NGVaMGJ9MqNbLZ%3D%3D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_2618e394&param1=[...]%3D%3D&param2=NGVaMGJ9MqNbLZ%3D%3D
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://yahoo.com/
URLSearchHook: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm162^YYA^us&si=49588_New-OMF-Gem&ptb=84AD236F-46D3-494D-8F3C-9CEB81F06C6D&ind=2016022716&n=782a10bc&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {A20B4056-E8D1-4463-B5ED-CFA13649A3F8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2016-05-24] (Yahoo! Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-23] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2016-05-24] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1237411288-474285397-2512584859-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Joan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Partner) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-08-29]
CHR Extension: (Google Docs) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (Search Manager) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-08-29]
CHR Extension: (Yahoo Partner) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2016-08-29]
CHR Extension: (YouTube) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
CHR Extension: (Gmail) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-29] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-03] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-15] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{6D2B8576-3F72-F94C-8234-A4807CA97284}\YSearchUtilSvc.exe [182736 2016-05-16] (Yahoo Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [83312 2016-08-29] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-29] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896760 2016-02-17] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-29 13:28 - 2016-08-29 13:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joan\Desktop\HijackThis.exe
2016-08-29 13:22 - 2016-08-29 13:25 - 00029324 _____ C:\Users\Joan\Desktop\FRST.txt
2016-08-29 13:22 - 2016-08-29 13:22 - 00000000 ____D C:\FRST
2016-08-29 13:20 - 2016-08-29 13:20 - 02397696 _____ (Farbar) C:\Users\Joan\Desktop\FRST64.exe
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-08-29 12:17 - 2016-08-29 12:17 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-29 12:17 - 2016-08-29 12:17 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-08-29 10:06 - 2016-08-29 10:01 - 00083312 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2016-08-29 10:02 - 2016-08-29 10:02 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1472482945
2016-08-29 10:02 - 2016-08-29 10:02 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-29 10:01 - 2016-08-29 10:01 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-29 09:57 - 2016-08-29 09:57 - 00000000 ____D C:\Users\Joan\AppData\Roaming\AVAST Software
2016-08-29 09:56 - 2016-08-29 09:56 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-29 09:56 - 2016-08-29 09:56 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-08-29 09:56 - 2016-08-29 09:56 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-29 09:55 - 2016-08-29 09:55 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-29 09:55 - 2016-08-29 09:55 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 09:55 - 2016-08-29 09:55 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-29 09:52 - 2016-08-29 10:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-29 09:52 - 2016-08-29 10:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-28 19:31 - 2016-08-29 12:18 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-08-25 18:44 - 2016-08-25 18:44 - 00000000 ____D C:\Users\Joan\Documents\Attachments_2016825
2016-08-24 12:20 - 2016-08-29 09:02 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-08-23 06:59 - 2016-08-23 06:59 - 05933558 _____ (MediaPlayAir ) C:\Users\Joan\Downloads\FlashPlayerPro [1].exe
2016-08-20 09:26 - 2016-08-20 09:26 - 00000000 ____D C:\ProgramData\701cbf1f-0443-0
2016-08-20 09:25 - 2016-08-20 09:25 - 00000000 ____D C:\ProgramData\{161592c4-412c-1}
2016-08-20 09:25 - 2016-08-20 09:25 - 00000000 ____D C:\ProgramData\{01386962-412c-0}
2016-08-18 16:37 - 2016-08-18 16:37 - 00003322 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-18 16:35 - 2016-08-18 16:35 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Skype
2016-08-16 12:01 - 2016-08-16 12:01 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-16 10:04 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-16 10:04 - 2016-08-03 05:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-16 10:04 - 2016-08-03 05:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-16 10:04 - 2016-08-03 05:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-16 10:04 - 2016-08-03 05:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-16 10:04 - 2016-08-03 05:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-16 10:04 - 2016-08-03 05:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-16 10:04 - 2016-08-03 05:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-16 10:04 - 2016-08-03 05:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-16 10:04 - 2016-08-03 05:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-16 10:04 - 2016-08-03 05:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-16 10:04 - 2016-08-03 05:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-16 10:04 - 2016-08-03 05:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-16 10:04 - 2016-08-03 05:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-16 10:04 - 2016-08-03 05:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-16 10:04 - 2016-08-03 05:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-16 10:04 - 2016-08-03 05:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-16 10:04 - 2016-08-03 04:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-16 10:04 - 2016-08-03 04:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-16 10:04 - 2016-08-03 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-16 10:04 - 2016-08-03 04:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-16 10:04 - 2016-08-03 04:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-16 10:04 - 2016-08-03 04:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-16 10:04 - 2016-08-03 04:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-16 10:04 - 2016-08-03 04:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-16 10:04 - 2016-08-03 04:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-16 10:04 - 2016-08-03 04:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-16 10:04 - 2016-08-03 04:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-16 10:04 - 2016-08-03 04:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-16 10:04 - 2016-08-03 04:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-16 10:04 - 2016-08-03 04:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-16 10:04 - 2016-08-03 04:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-16 10:04 - 2016-08-03 04:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-16 10:04 - 2016-08-03 04:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-16 10:04 - 2016-08-03 04:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-16 10:04 - 2016-08-03 04:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-16 10:04 - 2016-08-03 04:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-16 10:04 - 2016-08-03 04:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-16 10:04 - 2016-08-03 04:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-16 10:04 - 2016-08-03 04:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-16 10:04 - 2016-08-03 04:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-16 10:04 - 2016-08-03 04:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-16 10:04 - 2016-08-03 04:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-16 10:04 - 2016-08-03 04:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-16 10:04 - 2016-08-03 04:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-16 10:04 - 2016-08-03 04:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-16 10:04 - 2016-08-03 04:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-16 10:04 - 2016-08-03 04:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-16 10:04 - 2016-08-03 00:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-16 10:04 - 2016-08-03 00:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-16 10:04 - 2016-08-03 00:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-16 10:04 - 2016-08-03 00:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-16 10:04 - 2016-08-03 00:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-16 10:04 - 2016-08-03 00:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-16 10:04 - 2016-08-03 00:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-16 10:04 - 2016-08-02 23:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-16 10:04 - 2016-08-02 23:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-16 10:04 - 2016-08-02 23:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-16 10:04 - 2016-08-02 23:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-16 10:04 - 2016-08-02 23:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-16 10:04 - 2016-08-02 23:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-16 10:04 - 2016-08-02 23:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-16 10:04 - 2016-08-02 23:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-16 10:04 - 2016-08-02 23:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-16 10:04 - 2016-08-02 23:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-16 10:04 - 2016-08-02 23:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-16 10:04 - 2016-08-02 23:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-16 10:04 - 2016-08-02 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-16 10:04 - 2016-08-02 23:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-16 10:04 - 2016-08-02 23:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-16 10:03 - 2016-08-03 06:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-16 10:03 - 2016-08-03 06:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-16 10:03 - 2016-08-03 06:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-16 10:03 - 2016-08-03 05:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-16 10:03 - 2016-08-03 05:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-16 10:03 - 2016-08-03 05:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-16 10:03 - 2016-08-03 05:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-16 10:03 - 2016-08-03 04:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-16 10:03 - 2016-08-03 04:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-16 10:03 - 2016-08-03 04:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-16 10:03 - 2016-08-03 04:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-16 10:03 - 2016-08-03 04:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-16 10:03 - 2016-08-03 04:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-16 10:03 - 2016-08-03 04:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-16 10:03 - 2016-08-03 04:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-16 10:03 - 2016-08-03 04:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-16 10:03 - 2016-08-03 04:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-16 10:03 - 2016-08-03 04:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-16 10:03 - 2016-08-03 04:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-16 10:03 - 2016-08-03 04:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-16 10:03 - 2016-08-03 04:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-16 10:03 - 2016-08-03 04:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-16 10:03 - 2016-08-03 04:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-16 10:03 - 2016-08-03 04:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-16 10:03 - 2016-08-03 04:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-16 10:03 - 2016-08-03 04:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-16 10:03 - 2016-08-03 04:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-16 10:03 - 2016-08-03 04:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-16 10:03 - 2016-08-03 04:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-16 10:03 - 2016-08-03 04:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-16 10:03 - 2016-08-03 00:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-16 10:03 - 2016-08-03 00:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-16 10:03 - 2016-08-03 00:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-16 10:03 - 2016-08-02 23:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-16 10:03 - 2016-08-02 23:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-16 10:03 - 2016-08-02 23:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-16 10:03 - 2016-08-02 23:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-16 10:03 - 2016-08-02 23:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-16 10:03 - 2016-08-02 23:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-16 10:03 - 2016-08-02 23:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-16 10:03 - 2016-08-02 23:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-16 10:03 - 2016-08-02 23:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-16 10:03 - 2016-08-02 23:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-16 10:03 - 2016-08-02 23:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-16 10:03 - 2016-08-02 23:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-16 10:03 - 2016-08-02 23:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-16 10:03 - 2016-08-02 23:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-16 10:03 - 2016-08-02 23:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-16 10:03 - 2016-08-02 23:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-16 10:02 - 2016-08-03 05:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-16 10:02 - 2016-08-03 05:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-16 10:02 - 2016-08-03 04:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-16 10:02 - 2016-08-03 04:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-16 10:02 - 2016-08-03 04:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-16 10:02 - 2016-08-03 04:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-16 10:02 - 2016-08-03 04:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-16 10:02 - 2016-08-03 04:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-16 10:02 - 2016-08-02 23:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-16 10:02 - 2016-08-02 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-07-30 10:24 - 2016-07-30 10:24 - 00001543 _____ C:\Users\Joan\Desktop\Internet Explorer.lnk
2016-07-30 10:06 - 2016-07-30 10:06 - 00003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-07-30 09:15 - 2016-07-30 09:15 - 00000000 ____D C:\Users\Joan\AppData\Local\HP_Development_Company,_L
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-29 13:15 - 2014-05-19 16:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-29 13:12 - 2015-10-30 14:12 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-320 Series Update {5F8F03BC-5FFF-46AA-AC52-2D10C18C0B32}.job
2016-08-29 12:51 - 2014-05-19 15:54 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-29 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-29 12:18 - 2016-05-09 13:25 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Event Monitor
2016-08-29 12:17 - 2016-07-15 04:21 - 00003104 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2016-08-29 12:17 - 2014-06-17 10:00 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a3cdd1e13c8.job
2016-08-29 12:14 - 2016-04-27 01:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-29 11:10 - 2016-05-09 13:22 - 00000000 ____D C:\Users\Joan\AppData\Local\{BEC7889B-9A6F-E423-F7F7-C1CBD39F3D53}
2016-08-29 10:07 - 2016-07-15 03:32 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-29 10:07 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-29 09:52 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-29 09:31 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\b589be03
2016-08-29 09:15 - 2016-07-14 11:11 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoan.job
2016-08-28 19:41 - 2014-05-14 17:30 - 00000000 ____D C:\Users\Joan\Documents\Family Tree Maker
2016-08-27 07:22 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-26 06:04 - 2016-07-15 04:21 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-08-26 06:04 - 2016-07-15 04:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-08-23 11:34 - 2015-04-21 21:11 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-23 11:34 - 2015-03-06 13:22 - 00000000 ____D C:\ProgramData\Oracle
2016-08-23 11:33 - 2016-06-19 14:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-23 11:33 - 2016-06-19 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-23 11:33 - 2015-08-28 09:43 - 00000000 ____D C:\Users\Joan\.oracle_jre_usage
2016-08-22 16:29 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-20 09:26 - 2016-07-23 11:04 - 00000000 ____D C:\ProgramData\701cbf1f-1db5-0
2016-08-20 09:26 - 2016-07-23 10:59 - 00003880 _____ C:\WINDOWS\System32\Tasks\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132}
2016-08-20 09:26 - 2016-07-23 10:59 - 00000000 ____D C:\ProgramData\701cbf1f-75c1-0
2016-08-20 09:26 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\{12188146-112c-0}
2016-08-20 09:26 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\{0724cabb-512c-0}
2016-08-20 09:26 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\{01e30d8e-412c-1}
2016-08-19 10:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-18 16:37 - 2016-07-15 07:51 - 00002367 _____ C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 16:37 - 2016-07-15 07:51 - 00000000 ___RD C:\Users\Joan\OneDrive
2016-08-17 09:54 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 02:12 - 2016-04-27 01:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-17 02:05 - 2016-04-27 01:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 02:05 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 02:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-16 12:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-16 12:03 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-16 12:00 - 2014-05-21 04:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-16 11:47 - 2014-05-21 04:13 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-16 08:54 - 2015-08-14 15:25 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-16 08:54 - 2015-08-14 15:25 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-15 16:09 - 2016-07-15 03:37 - 00000000 ____D C:\Users\Joan
2016-08-15 15:04 - 2013-12-25 20:02 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-08-15 15:03 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-02 09:01 - 2015-04-24 09:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-30 13:49 - 2013-12-25 20:02 - 00000000 ____D C:\ProgramData\McAfee
2016-07-30 10:21 - 2016-07-07 12:07 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Jawego
2016-07-30 10:19 - 2013-12-25 19:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-07-30 10:19 - 2013-12-25 19:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-07-30 10:17 - 2016-07-15 04:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-07-30 10:17 - 2013-12-25 19:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-07-30 10:10 - 2016-07-16 10:24 - 00000000 ____D C:\Users\Joan\AppData\Roaming\{2A271C9C-0F75-71EA-6443-5638B891AB06}
2016-07-30 10:09 - 2016-05-09 13:24 - 00000000 ____D C:\Users\Joan\AppData\Local\Chromium
2016-07-30 09:24 - 2016-07-15 03:36 - 00972168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-30 09:17 - 2016-04-27 01:29 - 00754952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-30 09:15 - 2016-07-15 04:21 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoan
2016-07-30 09:11 - 2013-12-25 19:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-30 09:09 - 2014-05-31 10:29 - 00000000 ____D C:\Users\Joan\AppData\Roaming\hpqLog
2016-07-30 08:54 - 2013-09-02 23:57 - 00000000 ____D C:\SWSETUP
 
==================== Files in the root of some directories =======
 
2016-05-09 14:23 - 2016-07-24 14:24 - 0000144 _____ () C:\Users\Joan\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
C:\Users\Joan\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Joan\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Joan\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Joan\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-29 13:04
 
==================== End of FRST.txt ============================

Edited by Neil Bradley, 30 August 2016 - 08:19 PM.
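As an added example (not part of this thread and not FRST's own code), here is a small Python triage script that parses lines in the format of the "One Month Created files and folders" section above and flags the same kinds of entries the Malware Response Team's fixlist singles out: hex-named folders under ProgramData, GUID-named scheduled tasks, and executables with no company name or sitting in Downloads/Temp. The sample lines are constructed from paths on this page; the rule names and patterns are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines in the format of FRST's "One Month Created/Modified files
# and folders" sections (created - modified - size attrs (company) path). The paths
# mirror entries on this page; the lines themselves are assembled for this example.
SAMPLE_LINES = r"""
2016-08-29 13:20 - 2016-08-29 13:20 - 02397696 _____ (Farbar) C:\Users\Joan\Desktop\FRST64.exe
2016-08-23 06:59 - 2016-08-23 06:59 - 05933558 _____ (MediaPlayAir ) C:\Users\Joan\Downloads\FlashPlayerPro [1].exe
2016-08-20 09:26 - 2016-08-20 09:26 - 00000000 ____D C:\ProgramData\701cbf1f-0443-0
2016-08-20 09:25 - 2016-08-20 09:25 - 00000000 ____D C:\ProgramData\{161592c4-412c-1}
2016-08-16 10:04 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-29 09:31 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\b589be03
2016-08-20 09:26 - 2016-07-23 10:59 - 00003880 _____ C:\WINDOWS\System32\Tasks\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132}
2016-07-30 10:06 - 2016-07-30 10:06 - 00003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-08-20 09:26 - 2016-01-21 08:00 - 00245248 _____ C:\Windows\SysWOW64\AmoWindowService.exe
""".strip().splitlines()

# One FRST file/folder entry. The optional "(company)" field is the CompanyName from
# the file's version resource as FRST prints it; it is not a signature check.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str          # five flag characters, e.g. ____D = directory, ___SH = system+hidden
    company: Optional[str]
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST entry line; return None for headers, blanks and other noise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


# Names made only of hex digits, dashes and braces: random folder names and GUIDs.
HEXISH_NAME = re.compile(r"^\{?[0-9a-f]{8}(?:-[0-9a-f]{1,12})*\}?$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def triage(entry: Entry) -> List[str]:
    """Return the names of the review rules an entry trips (hints, not verdicts)."""
    parent, _, name = entry.path.rpartition("\\")
    parent = parent.lower()
    is_exec = name.lower().endswith(EXEC_EXT)
    hits: List[str] = []
    # Hex/GUID-named items directly under ProgramData (also its 8.3 alias PROGRA~3)
    if parent in (r"c:\programdata", r"c:\progra~3") and HEXISH_NAME.match(name):
        hits.append("random-name-under-ProgramData")
    # Scheduled tasks normally carry descriptive names; GUID-only names deserve a look
    if parent == r"c:\windows\system32\tasks" and HEXISH_NAME.match(name):
        hits.append("guid-named-scheduled-task")
    # Binaries with no CompanyName in their version resource
    if is_exec and not entry.company:
        hits.append("executable-without-company-name")
    # Binaries dropped in a browser download folder or the user's Temp directory
    if is_exec and ("\\downloads" in parent or "\\appdata\\local\\temp" in parent):
        hits.append("executable-in-downloads-or-temp")
    return hits


def triage_log(lines) -> List[Tuple[str, str]]:
    """Parse every line and return (path, rule) pairs for entries that trip a rule."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        for rule in triage(entry):
            findings.append((entry.path, rule))
    return findings


if __name__ == "__main__":
    for path, rule in triage_log(SAMPLE_LINES):
        print(f"{rule:34} {path}")
```

Matches are starting points for review, not verdicts: legitimate installers also create GUID-named folders, and the company field comes from the version resource rather than from an Authenticode check.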


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 PM

Posted 31 August 2016 - 12:59 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Windows\SysWOW64\AmoWindowService.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-2183697155-2262375841-144936973-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2183697155-2262375841-144936973-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\uk6juro9.default\user.js [2014-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
R2 Amodb Service; C:\Windows\SysWOW64\AmoWindowService.exe [245248 2016-01-21] () [File not signed]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{799ecd20-c226-11e5-b4a0-74de2b79a921} [20]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{799ecd21-c226-11e5-b4a0-74de2b79a921} [31]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{9e52f855-c22b-11e5-9b19-74de2b79a921} [20]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{9e52f856-c22b-11e5-9b19-74de2b79a921} [31]
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\laktrd
MSCONFIG\startupreg: laktrd => rundll32.exe "C:\Users\owner\AppData\Local\laktrd.dll",laktrd
URLSearchHook: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm162^YYA^us&si=49588_New-OMF-Gem&ptb=84AD236F-46D3-494D-8F3C-9CEB81F06C6D&ind=2016022716&n=782a10bc&psa=&st=sb&searchfor={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2016-05-24] (Yahoo! Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2016-05-24] (Yahoo! Inc.)
CHR Extension: (Search Manager) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
Task: {1A2A057E-70A6-49E5-BC18-E88EADDD4C47} - \WPD\SqmUpload_S-1-5-21-1237411288-474285397-2512584859-1001 -> No File <==== ATTENTION
Task: {28D39D46-E8DC-4B44-A7DE-C49E4F66128B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2B3AD374-639B-4BC5-AA75-7EF72D47185A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3678CA85-266E-4DD7-8BB7-5EBE5A24CB45} - System32\Tasks\{A2C1DDAA-A9E9-4C67-BCE0-C2ECC3678489} => pcalua.exe -a C:\Users\Joan\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUn.exe
Task: {46AF82C1-9A46-4A6D-8D91-72CC2CFC6842} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4B25E5A0-366E-427B-BCAC-4584F537564D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52370CE4-2574-4793-B854-13DE7117264A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {63215ED5-6416-41DA-83B5-96A4CC82C0BB} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {678E5DDA-8B60-4D83-8025-C494660E2992} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6EEDCD0C-9E62-41CF-B904-A7C3595E881F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7185BD06-F8CA-4713-93F0-E5F9E51AC603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8CD0DE27-511E-4413-9E38-20FED75BC055} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D6F9789-3D8C-47C4-8F52-22FC6DC8541B} - \ASP -> No File <==== ATTENTION
Task: {9580BFE7-8A9A-4E46-A805-B3EB1BA5B0AC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9F858933-90E8-4A1C-9CDE-FE17A5AA8D41} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C3E1E294-C4B1-4DB0-A87A-47F574BCC1CB} - System32\Tasks\Kelunnae => C:\ProgramData\Kelunnae\1.0.4.1\dnuiohur.exe [2015-08-13] ()
Task: {C42A4ED5-C888-420D-837C-9FDCCB338A2D} - System32\Tasks\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\b589be03\ef2e1626.dll" <==== ATTENTION
Task: {F39B3918-FEAC-4E8E-B582-EFDDB1E43894} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
C:\ProgramData\Kelunnae\1.0.4.1\dnuiohur.exe
C:\PROGRA~3\b589be03
C:\Users\Joan\AppData\Roaming\ShopAtHome
C:\Users\owner\AppData\Local\laktrd.dll
C:\Windows\SysWOW64\AmoWindowService.exe
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problems persist.

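Added example, not part of nasdaq's post or of the FRST tool itself: the fixlist above is the result of a helper reading each FRST scan line and deciding, by eye, which entries look out of place. The script below encodes the indicators that decision rests on, as they appear in this thread's log: a scheduled task or plugin whose target file no longer exists (-> No File), an action whose binary lives under ProgramData or AppData or is reached through an 8.3 short path (PROGRA~3), a DLL run through Regsvr32 /i or rundll32 from a user profile, a program proxied through pcalua.exe, an unsigned service, and entries FRST itself marked ATTENTION. The indicator names and the final control line (placeholder GUID, benign Windows path) are this example's own; every other sample line is quoted from the log posted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# (indicator name, pattern, why it matters). Names are this example's own
# labels, not FRST terminology.
INDICATORS = [
    ("orphaned", re.compile(r"->\s*No File|\[No File\]|=> No File"),
     "target file no longer exists; the entry is a leftover"),
    ("user_writable", re.compile(r"\\(ProgramData|AppData)\\|\\PROGRA~3\\", re.I),
     "target lives in a user-writable or 8.3-abbreviated path"),
    ("regsvr32_install", re.compile(r"Regsvr32(\.exe)?\s+.*?/i:", re.I),
     "DLL executed through Regsvr32 /i (install string)"),
    ("rundll32_profile", re.compile(r'rundll32(\.exe)?\s+"?[A-Z]:\\Users\\', re.I),
     "rundll32 loading a DLL from a user profile"),
    ("pcalua_proxy", re.compile(r"\bpcalua\.exe\s+-a\b", re.I),
     "program started through the Program Compatibility Assistant launcher"),
    ("unsigned_service", re.compile(r"\[File not signed\]"),
     "service binary carries no Authenticode signature"),
    ("frst_attention", re.compile(r"<=+\s*ATTENTION"),
     "FRST itself flagged the entry"),
]


@dataclass
class Finding:
    line: str
    hits: list = field(default_factory=list)     # indicator names that fired
    reasons: list = field(default_factory=list)  # matching explanations


def triage_line(line: str) -> Finding:
    """Return every indicator that matches one FRST log line."""
    finding = Finding(line=line.strip())
    for name, pattern, reason in INDICATORS:
        if pattern.search(line):
            finding.hits.append(name)
            finding.reasons.append(reason)
    return finding


def triage(lines):
    """Keep only the lines that tripped at least one indicator."""
    return [f for f in map(triage_line, lines) if f.hits]


def summarize(findings) -> Counter:
    """Count how often each indicator fired across the findings."""
    return Counter(name for f in findings for name in f.hits)


# Sample input: lines quoted from the FRST log in this thread, plus one
# constructed benign task line (placeholder GUID) as a control.
SAMPLE_LINES = [
    r"Task: {3678CA85-266E-4DD7-8BB7-5EBE5A24CB45} - System32\Tasks\{A2C1DDAA-A9E9-4C67-BCE0-C2ECC3678489} => pcalua.exe -a C:\Users\Joan\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUn.exe",
    r"Task: {46AF82C1-9A46-4A6D-8D91-72CC2CFC6842} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION",
    r"Task: {C3E1E294-C4B1-4DB0-A87A-47F574BCC1CB} - System32\Tasks\Kelunnae => C:\ProgramData\Kelunnae\1.0.4.1\dnuiohur.exe [2015-08-13] ()",
    r'Task: {C42A4ED5-C888-420D-837C-9FDCCB338A2D} - System32\Tasks\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\b589be03\ef2e1626.dll" <==== ATTENTION',
    r"R2 Amodb Service; C:\Windows\SysWOW64\AmoWindowService.exe [245248 2016-01-21] () [File not signed]",
    r'MSCONFIG\startupreg: laktrd => rundll32.exe "C:\Users\owner\AppData\Local\laktrd.dll",laktrd',
    r"FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]",
    # Constructed control line (placeholder GUID); should produce no finding.
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\System32\defrag.exe",
]

if __name__ == "__main__":
    findings = triage(SAMPLE_LINES)
    for f in findings:
        print(f.line)
        for name, reason in zip(f.hits, f.reasons):
            print(f"    [{name}] {reason}")
    print("\nIndicator counts:", dict(summarize(findings)))
```

Run as-is it prints seven flagged lines and leaves the control line out; feed it a full FRST.txt (one line per list element) to get the same triage over a whole scan. The indicators are hints for a human reviewer, not a verdict: a "No File" task is dead weight rather than active malware, and a ProgramData path is only suspicious alongside an unfamiliar name or a flagged launcher, which is why the script reports every reason rather than a single score.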
#5 Neil Bradley (Topic Starter)

Posted 31 August 2016 - 07:57 PM

After running the fix and the ADW cleaner, the popup immediately reappeared. In addition, the computer is now experiencing extreme slowness in IE, and numerous additional popups of DNSunlocker.com when IE is open.

During the FRST scan, I encountered about a dozen errors about 'unable to access drive F:'. Note that there is no drive F on the PC.

 

Logs Follow:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Joan (31-08-2016 19:12:18) Run:1
Running from C:\Users\Joan\Desktop
Loaded Profiles: Joan (Available Profiles: Joan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
C:\Windows\SysWOW64\AmoWindowService.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-2183697155-2262375841-144936973-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2183697155-2262375841-144936973-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\uk6juro9.default\user.js [2014-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
R2 Amodb Service; C:\Windows\SysWOW64\AmoWindowService.exe [245248 2016-01-21] () [File not signed]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{799ecd20-c226-11e5-b4a0-74de2b79a921} [20]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{799ecd21-c226-11e5-b4a0-74de2b79a921} [31]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{9e52f855-c22b-11e5-9b19-74de2b79a921} [20]
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{9e52f856-c22b-11e5-9b19-74de2b79a921} [31]
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\laktrd
MSCONFIG\startupreg: laktrd => rundll32.exe "C:\Users\owner\AppData\Local\laktrd.dll",laktrd
URLSearchHook: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm162^YYA^us&si=49588_New-OMF-Gem&ptb=84AD236F-46D3-494D-8F3C-9CEB81F06C6D&ind=2016022716&n=782a10bc&psa=&st=sb&searchfor={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2016-05-24] (Yahoo! Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2016-05-24] (Yahoo! Inc.)
CHR Extension: (Search Manager) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
Task: {1A2A057E-70A6-49E5-BC18-E88EADDD4C47} - \WPD\SqmUpload_S-1-5-21-1237411288-474285397-2512584859-1001 -> No File <==== ATTENTION
Task: {28D39D46-E8DC-4B44-A7DE-C49E4F66128B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2B3AD374-639B-4BC5-AA75-7EF72D47185A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3678CA85-266E-4DD7-8BB7-5EBE5A24CB45} - System32\Tasks\{A2C1DDAA-A9E9-4C67-BCE0-C2ECC3678489} => pcalua.exe -a C:\Users\Joan\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUn.exe
Task: {46AF82C1-9A46-4A6D-8D91-72CC2CFC6842} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4B25E5A0-366E-427B-BCAC-4584F537564D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52370CE4-2574-4793-B854-13DE7117264A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {63215ED5-6416-41DA-83B5-96A4CC82C0BB} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {678E5DDA-8B60-4D83-8025-C494660E2992} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6EEDCD0C-9E62-41CF-B904-A7C3595E881F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7185BD06-F8CA-4713-93F0-E5F9E51AC603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8CD0DE27-511E-4413-9E38-20FED75BC055} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D6F9789-3D8C-47C4-8F52-22FC6DC8541B} - \ASP -> No File <==== ATTENTION
Task: {9580BFE7-8A9A-4E46-A805-B3EB1BA5B0AC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9F858933-90E8-4A1C-9CDE-FE17A5AA8D41} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C3E1E294-C4B1-4DB0-A87A-47F574BCC1CB} - System32\Tasks\Kelunnae => C:\ProgramData\Kelunnae\1.0.4.1\dnuiohur.exe [2015-08-13] ()
Task: {C42A4ED5-C888-420D-837C-9FDCCB338A2D} - System32\Tasks\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\b589be03\ef2e1626.dll" <==== ATTENTION
Task: {F39B3918-FEAC-4E8E-B582-EFDDB1E43894} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
C:\ProgramData\Kelunnae\1.0.4.1\dnuiohur.exe
C:\PROGRA~3\b589be03
C:\Users\Joan\AppData\Roaming\ShopAtHome
C:\Users\owner\AppData\Local\laktrd.dll
C:\Windows\SysWOW64\AmoWindowService.exe
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Windows\SysWOW64\AmoWindowService.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value not found.
HKU\S-1-5-21-2183697155-2262375841-144936973-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-2183697155-2262375841-144936973-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key not found. 
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\uk6juro9.default\user.js => not found.
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\uk6juro9.default\user.js [2014-12-13] => not found
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
Amodb Service => service not found.
"C:\Windows\system32\Drivers\sdfhgdf.sys" => ":{799ecd20-c226-11e5-b4a0-74de2b79a921}" ADS not found.
"C:\Windows\system32\Drivers\sdfhgdf.sys" => ":{799ecd21-c226-11e5-b4a0-74de2b79a921}" ADS not found.
"C:\Windows\system32\Drivers\sdfhgdf.sys" => ":{9e52f855-c22b-11e5-9b19-74de2b79a921}" ADS not found.
"C:\Windows\system32\Drivers\sdfhgdf.sys" => ":{9e52f856-c22b-11e5-9b19-74de2b79a921}" ADS not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\laktrd => key not found. 
MSCONFIG\startupreg: laktrd => rundll32.exe "C:\Users\owner\AppData\Local\laktrd.dll",laktrd => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{41226cbe-8f41-4df3-8d72-1cfbcffcfd0b}" => key removed successfully
HKCR\Wow6432Node\CLSID\{41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
"HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully
C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi => moved successfully
C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
"HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi" => key removed successfully
"HKU\S-1-5-21-1237411288-474285397-2512584859-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ggebenakhmhfdkmkemdmllecchcldgec" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A2A057E-70A6-49E5-BC18-E88EADDD4C47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A2A057E-70A6-49E5-BC18-E88EADDD4C47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1237411288-474285397-2512584859-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28D39D46-E8DC-4B44-A7DE-C49E4F66128B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28D39D46-E8DC-4B44-A7DE-C49E4F66128B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B3AD374-639B-4BC5-AA75-7EF72D47185A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B3AD374-639B-4BC5-AA75-7EF72D47185A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3678CA85-266E-4DD7-8BB7-5EBE5A24CB45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3678CA85-266E-4DD7-8BB7-5EBE5A24CB45}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A2C1DDAA-A9E9-4C67-BCE0-C2ECC3678489} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A2C1DDAA-A9E9-4C67-BCE0-C2ECC3678489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46AF82C1-9A46-4A6D-8D91-72CC2CFC6842}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46AF82C1-9A46-4A6D-8D91-72CC2CFC6842}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B25E5A0-366E-427B-BCAC-4584F537564D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B25E5A0-366E-427B-BCAC-4584F537564D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52370CE4-2574-4793-B854-13DE7117264A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52370CE4-2574-4793-B854-13DE7117264A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63215ED5-6416-41DA-83B5-96A4CC82C0BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63215ED5-6416-41DA-83B5-96A4CC82C0BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678E5DDA-8B60-4D83-8025-C494660E2992}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678E5DDA-8B60-4D83-8025-C494660E2992}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EEDCD0C-9E62-41CF-B904-A7C3595E881F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EEDCD0C-9E62-41CF-B904-A7C3595E881F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7185BD06-F8CA-4713-93F0-E5F9E51AC603}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7185BD06-F8CA-4713-93F0-E5F9E51AC603}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CD0DE27-511E-4413-9E38-20FED75BC055}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CD0DE27-511E-4413-9E38-20FED75BC055}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D6F9789-3D8C-47C4-8F52-22FC6DC8541B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6F9789-3D8C-47C4-8F52-22FC6DC8541B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9580BFE7-8A9A-4E46-A805-B3EB1BA5B0AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9580BFE7-8A9A-4E46-A805-B3EB1BA5B0AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F858933-90E8-4A1C-9CDE-FE17A5AA8D41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F858933-90E8-4A1C-9CDE-FE17A5AA8D41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C3E1E294-C4B1-4DB0-A87A-47F574BCC1CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3E1E294-C4B1-4DB0-A87A-47F574BCC1CB}" => key removed successfully
C:\WINDOWS\System32\Tasks\Kelunnae => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Kelunnae" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C42A4ED5-C888-420D-837C-9FDCCB338A2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C42A4ED5-C888-420D-837C-9FDCCB338A2D}" => key removed successfully
C:\WINDOWS\System32\Tasks\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B529788-D8C2-FA5D-1EBF-1C70A7D13132}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F39B3918-FEAC-4E8E-B582-EFDDB1E43894}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F39B3918-FEAC-4E8E-B582-EFDDB1E43894}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
C:\ProgramData\Kelunnae\1.0.4.1\dnuiohur.exe => moved successfully
C:\PROGRA~3\b589be03 => moved successfully
C:\Users\Joan\AppData\Roaming\ShopAtHome => moved successfully
"C:\Users\owner\AppData\Local\laktrd.dll" => not found.
"C:\Windows\SysWOW64\AmoWindowService.exe" => not found.
"C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 39532 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 141874753 B
Java, Flash, Steam htmlcache => 120571 B
Windows/system/drivers => 90775234 B
Edge => 4760609 B
Chrome => 121940658 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 632429 B
NetworkService => 826 B
Joan => 182509754 B
 
RecycleBin => 337574 B
EmptyTemp: => 517.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:29:33 ====
 
# AdwCleaner v6.010 - Logfile created 31/08/2016 at 19:47:51
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-31.4 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Joan - JOAN-HP
# Running from : C:\Users\Joan\Desktop\adwcleaner_6.010.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  YahooAUService
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\701cbf1f-0443-0
Folder Found:  C:\ProgramData\701cbf1f-1db5-0
Folder Found:  C:\ProgramData\701cbf1f-75c1-0
Folder Found:  C:\ProgramData\8e153191-6355-1
Folder Found:  C:\ProgramData\8e153191-6645-0
Folder Found:  C:\ProgramData\Kelunnae
Folder Found:  C:\ProgramData\Application Data\Kelunnae
Folder Found:  C:\ProgramData\{01386962-412c-0}
Folder Found:  C:\ProgramData\{01e30d8e-412c-1}
Folder Found:  C:\ProgramData\{0724cabb-512c-0}
Folder Found:  C:\ProgramData\{12188146-112c-0}
Folder Found:  C:\ProgramData\{161592c4-412c-1}
Folder Found:  C:\Users\Joan\AppData\Local\iac
Folder Found:  C:\Users\Joan\AppData\Local\YSearchUtil
Folder Found:  C:\Users\Joan\AppData\Local\IAC
Folder Found:  C:\Users\Joan\AppData\Local\jawego
Folder Found:  C:\Users\Joan\AppData\LocalLow\iac
Folder Found:  C:\Users\Joan\AppData\LocalLow\visi_coupon
Folder Found:  C:\Users\Joan\AppData\LocalLow\Yahoo! Companion
Folder Found:  C:\Users\Joan\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\Joan\AppData\LocalLow\YahooCouponAddOn
Folder Found:  C:\Users\Joan\AppData\LocalLow\IAC
Folder Found:  C:\Users\Joan\AppData\Roaming\DriverCure
Folder Found:  C:\Users\Joan\AppData\Roaming\ParetoLogic
Folder Found:  C:\Users\Joan\AppData\Roaming\speedypc software
Folder Found:  C:\Users\Joan\AppData\Roaming\Systweak
Folder Found:  C:\Users\Joan\AppData\Roaming\Yahoo!\Companion
Folder Found:  C:\Users\Joan\AppData\Roaming\Event Monitor
Folder Found:  C:\Users\Joan\AppData\Roaming\SpeedyPC Software
Folder Found:  C:\Users\Joan\AppData\Roaming\PCPRJ
Folder Found:  C:\Users\Joan\AppData\Roaming\jawego
Folder Found:  C:\ProgramData\ParetoLogic
Folder Found:  C:\ProgramData\speedypc software
Folder Found:  C:\ProgramData\Yahoo! Companion
Folder Found:  C:\ProgramData\SpeedyPC Software
Folder Found:  C:\ProgramData\Application Data\ParetoLogic
Folder Found:  C:\ProgramData\Application Data\speedypc software
Folder Found:  C:\ProgramData\Application Data\Yahoo! Companion
Folder Found:  C:\ProgramData\Application Data\SpeedyPC Software
Folder Found:  C:\Program Files (x86)\Coupons
Folder Found:  C:\Program Files (x86)\Yahoo!\Companion
Folder Found:  C:\Program Files (x86)\Yahoo!\yset
Folder Found:  C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
 
 
***** [ Files ] *****
 
File Found:  C:\WINDOWS\SysNative\roboot64.exe
File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\Program Files (x86)\Yahoo!\Common\unyt.exe
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  Kelunnae
Task Found:  RunAtStartup
Task Found:  RunAtStartup
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Key Found:  HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Key Found:  HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Key Found:  HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found:  HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found:  HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found:  HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YTBMButton
Key Found:  HKLM\SOFTWARE\Classes\yt.YTBMButton.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found:  HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found:  HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
Key Found:  HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found:  HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  [x64] HKLM\SOFTWARE\WebUpdater
Key Found:  HKU\.DEFAULT\Software\Browser
Key Found:  HKU\.DEFAULT\Software\Yahoo\Companion
Key Found:  HKU\.DEFAULT\Software\Yahoo\YFriendsBar
Key Found:  HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\BEFRUGAL
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Browser
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\ContentExplorer
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\distromatic
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Jawego
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\One System Care
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\ParetoLogic
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\PRODUCTSETUP
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\ShopAtHome.com
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\speedypc software
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Tune
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\WebBar
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\systweak
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\csastats
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Event Monitor
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\SECURE\PC\Cleaner
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1237411288-474285397-2512584859-1001\Software\BEFRUGAL
Key Found:  HKU\S-1-5-18\Software\Browser
Key Found:  HKU\S-1-5-18\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-18\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKCU\Software\BEFRUGAL
Key Found:  HKCU\Software\Browser
Key Found:  HKCU\Software\ContentExplorer
Key Found:  HKCU\Software\distromatic
Key Found:  HKCU\Software\Jawego
Key Found:  HKCU\Software\One System Care
Key Found:  HKCU\Software\ParetoLogic
Key Found:  HKCU\Software\PRODUCTSETUP
Key Found:  HKCU\Software\ShopAtHome.com
Key Found:  HKCU\Software\speedypc software
Key Found:  HKCU\Software\Tune
Key Found:  HKCU\Software\WebBar
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\systweak
Key Found:  HKCU\Software\csastats
Key Found:  HKCU\Software\Event Monitor
Key Found:  HKCU\Software\SECURE\PC\Cleaner
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\BEFRUGAL
Key Found:  HKLM\SOFTWARE\Jawego
Key Found:  HKLM\SOFTWARE\ParetoLogic
Key Found:  HKLM\SOFTWARE\speedypc software
Key Found:  HKLM\SOFTWARE\Tune
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\systweak
Key Found:  HKLM\SOFTWARE\Event Monitor
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_2618e394&param1=ArFaIWVoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9IAy7IsQGR
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_2618e394&param1=ArFaIWVoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9IAy7IsQGR7B
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Data Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\piroga.space
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akz.imgfarm.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponxplorer.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\download-freemaps.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\findmefreebies.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\findyourmaps.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freelocalweather.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getformsonline.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\howtosimplified.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imgfarm.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mapsgalaxy.dl.myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mapsgalaxy.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mytransitguide.dl.myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mytransitguide.dl.tb.ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onlinemapfinder.dl.myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onlinemapfinder.dl.tb.ask.com
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BFHP]
Key Found:  HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bahkljhhdeciiaodlkppoonappfnheoi
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - eefhnbpnnaaokmclnihgajdnlgljajjg
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ggebenakhmhfdkmkemdmllecchcldgec
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [21616 Bytes] - [31/08/2016 19:47:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21690 Bytes] ##########
 

Edited by Neil Bradley, 31 August 2016 - 08:10 PM.
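The AdwCleaner log above lists several hundred "Found" entries, far more than can sensibly be read one at a time. As an added example (not part of the original post, and not AdwCleaner's or FRST's own code), here is a small Python parser that turns those "Key/Value/Data/Chrome pref Found" lines into structured findings and summarises them: COM registrations, IE start-page and search-scope changes, DOMStorage leftovers, autostart entries, Chrome extension IDs, the vendors behind the leftover Software keys, and which user SIDs the keys belong to. The bucket names are the script's own; it assumes the "[x64]" prefix marks the 64-bit registry view and an unprefixed line the 32-bit view; the embedded sample is a short constructed excerpt copied from the posted log, not the whole scan.

```python
"""Triage helper for AdwCleaner scan logs like the one posted above. Added example, not
code from AdwCleaner, FRST or the original poster. Assumptions: bucket names are this
script's own; '[x64]' marks the 64-bit registry view and an unprefixed line the 32-bit one;
Finding.sub is the path below the hive root (or the prefs file for Chrome lines)."""
import re
from collections import Counter, namedtuple
from typing import Optional

# Constructed sample: a short excerpt copied from the posted log, not the full scan.
SAMPLE_LOG = r"""
Key Found:  [x64] HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found:  HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\One System Care
Key Found:  HKCU\Software\One System Care
Key Found:  HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BFHP]
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
Chrome pref Found:  [C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - eefhnbpnnaaokmclnihgajdnlgljajjg
No malicious Firefox based browser items found.
"""

FOUND_RE = re.compile(r"^(?P<kind>Key|Value|Data|Chrome pref) Found:\s+(?:\[(?P<arch>x64)\]\s+)?(?P<rest>.+)$")
VALUE_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<name>[^\]]*)\]$")
DATA_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<name>[^\]]*)\]\s*-\s*(?P<data>.*)$")
PREF_RE = re.compile(r"^\[(?P<file>.+?)\s*\]\s*-\s*(?P<data>.*)$")
HIVE_RE = re.compile(r"^(?P<root>HKLM|HKCU|HKU)(?:\\(?P<sid>(?=S-1-|\.DEFAULT)[^\\]+))?\\(?P<sub>.*)$")
EXT_ID_RE = re.compile(r"\b[a-p]{32}\b")                        # Chrome extension IDs: 32 letters a-p
DEFANGED_RE = re.compile(r"^hxxps?://(?P<host>[^/?#]+)", re.I)  # AdwCleaner defangs URLs as hxxp(s)

BUCKETS = [  # (needle in the lower-cased sub-path, bucket); first hit wins
    ("\\classes\\clsid\\", "com-registration"), ("\\classes\\interface\\", "com-registration"),
    ("\\classes\\typelib\\", "com-registration"), ("\\classes\\appid\\", "com-registration"),
    ("\\internet explorer\\main", "ie-search-hijack"), ("searchscopes", "ie-search-hijack"),
    ("domstorage", "ie-domstorage"), ("\\ext\\preapproved", "ie-addon"), ("\\ext\\stats", "ie-addon"),
    ("activex compatibility", "ie-addon"), ("zonemap", "ie-zonemap"), ("\\uninstall\\", "uninstall-entry"),
    ("\\google\\chrome\\extensions\\", "chrome-extension"), ("startupapproved", "autostart"),
    ("\\currentversion\\run", "autostart"),
]
Finding = namedtuple("Finding", "kind arch root sid path sub name data category")

def classify(sub: str) -> str:
    """Bucket a registry sub-path; anything left under Software\\Microsoft is 'other'."""
    s = sub.lower()
    return next((b for n, b in BUCKETS if n in s), "other" if s.startswith("software\\microsoft\\") else "vendor-key")

def vendor_of(sub: str) -> str:  # first component after Software\, skipping IE's AppDataLow\Software prefix
    parts = sub.split("\\")
    while parts and parts[0].lower() in ("software", "appdatalow"):
        parts.pop(0)
    return parts[0] if parts else ""

def parse_line(line: str) -> Optional[Finding]:
    m = FOUND_RE.match(line.rstrip())
    if not m:
        return None
    kind, rest, arch = m["kind"], m["rest"], "x64" if m["arch"] else "x86"
    if kind == "Chrome pref":
        p = PREF_RE.match(rest)
        cat = "chrome-extension" if p and EXT_ID_RE.fullmatch(p["data"]) else "chrome-pref"
        return Finding(kind, arch, "chrome", None, p["file"], p["file"], None, p["data"], cat) if p else None
    name = data = None
    if kind in ("Value", "Data"):
        v = (VALUE_RE if kind == "Value" else DATA_RE).match(rest)
        if not v:
            return None
        rest, name, data = v["path"], v["name"], v.groupdict().get("data")
    h = HIVE_RE.match(rest)
    return Finding(kind, arch, h["root"], h["sid"], rest, h["sub"], name, data, classify(h["sub"])) if h else None

def triage(text: str) -> dict:
    """Whole-log summary: per-bucket counts, affected SIDs, extension IDs, redirect hosts."""
    findings = [f for f in map(parse_line, text.splitlines()) if f]
    views, vendors, ext_ids, hosts = {}, Counter(), set(), set()
    for f in findings:
        views.setdefault(f.path, set()).add(f.arch)
        if f.category == "chrome-extension":
            ext_ids.update(EXT_ID_RE.findall(f.data or f.path))
        elif f.category == "vendor-key":
            vendors[vendor_of(f.sub)] += 1
        if f.data and (d := DEFANGED_RE.match(f.data)):
            hosts.add(d["host"].lower())
    return {
        "total": len(findings),
        "by_category": dict(Counter(f.category for f in findings)),
        "x64_vs_x86": dict(Counter(f.arch for f in findings)),
        "user_sids": sorted({f.sid for f in findings if f.sid and f.sid.startswith("S-1-5-21-")}),
        "chrome_extension_ids": sorted(ext_ids),
        "redirect_hosts": sorted(hosts),
        "vendors": dict(vendors),
        "both_views": sorted(p for p, a in views.items() if a == {"x64", "x86"}),  # reported twice
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Point it at the full AdwCleaner[S0].txt instead of SAMPLE_LOG to get the same summary for the whole scan. The both_views list collects keys that the log reports once with the [x64] prefix and once without; on the assumption stated above that is the same GUID registered in both registry views, which is why the Interface entries at the top of the log appear twice. The hxxp(s) form is AdwCleaner's own defanging, so the script only pulls out the host name rather than rebuilding a clickable URL.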


#6 Neil Bradley

Neil Bradley
  • Topic Starter

  • Members
  • 44 posts

Posted 31 August 2016 - 08:09 PM

I hope that this helps. I ran another scan with FRST; below are the logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Joan (31-08-2016 20:03:19)
Running from C:\Users\Joan\Desktop
Windows 10 Home Version 1511 (X64) (2016-07-15 12:38:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1237411288-474285397-2512584859-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1237411288-474285397-2512584859-503 - Limited - Disabled)
Guest (S-1-5-21-1237411288-474285397-2512584859-501 - Limited - Disabled)
Joan (S-1-5-21-1237411288-474285397-2512584859-1001 - Administrator - Enabled) => C:\Users\Joan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Catalyst Control Center Next Localization BR (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1118.123.2413 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Photo Scan (HKLM-x32\...\{2A85E1E9-3F89-4972-A3B2-A209D8DEECE1}) (Version: 1.00.0008 - Seiko Epson Corporation)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-320 Series Printer Uninstall (HKLM\...\EPSON XP-320 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-320 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-320 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Print Perfect DVD (HKLM-x32\...\{A131EC70-DADF-41B5-94D3-854A4DEF8B28}) (Version: 9.0.11 - Cosmi Corporation)
PrintMaster 2.0 Platinum (HKLM-x32\...\6485-4051-8654-1627) (Version:  - Encore Software Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1237411288-474285397-2512584859-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Joan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02CBB5F7-44FF-4A0C-BAC8-13BDC3441A18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {14EE7A4A-72C1-49C6-B22E-02A88031769E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-29] (AVAST Software)
Task: {2411F84F-1DBE-40D1-A811-F453BA6F29BE} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a3cdd1e13c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {49EC5110-83EF-45DA-942B-D00F4FED7219} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {52AF81FD-AECA-4835-B1DB-F807E7F7AC1F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {54084F89-76B7-4552-8DCA-9CF426C520D1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {5A21DE05-DE62-41C2-B23F-95AB1A25C537} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {5CCD8D52-E63E-4A09-8F22-D904F34F1380} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {6021D012-0A65-4307-8619-9E8C007AB764} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {87783C78-64BD-44EC-96D5-27BC367EF6CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-08-16] (Microsoft Corporation)
Task: {963C0F44-A4B0-4E9E-B6A1-26C43849FB00} - System32\Tasks\RunAtStartup => C:\Users\Joan\AppData\Roaming\Event Monitor\em.exe [2016-06-28] ()
Task: {A3DCC42B-ADE7-43B8-9348-DFBC939E3B78} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {A684EF20-AA41-4F6E-B097-46F5D37AFBCD} - System32\Tasks\HPCeeScheduleForJoan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: {CEEFDD1C-E9AF-43F5-BC5A-A80FE0A5720F} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {D57AABF2-C0B9-45C6-8AA3-59099C1810B1} - System32\Tasks\EPSON XP-320 Series Update {5F8F03BC-5FFF-46AA-AC52-2D10C18C0B32} => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {DA6264A1-1C1A-48B6-AD0C-17E7A0F1E206} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {DFF7F043-1C00-4831-B03F-42DCDC4CEFF4} - System32\Tasks\SafeZone scheduled Autoupdate 1472482945 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {E1788A2E-15D4-45E3-ADB5-600F95730FD7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-320 Series Update {0E369723-4B1A-4354-98B3-59DF226EE3CB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{0E369723-4B1A-4354-98B3-59DF226EE3CB} /F:UpdateWORKGROUP\JOAN-HP$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-320 Series Update {5F8F03BC-5FFF-46AA-AC52-2D10C18C0B32}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{5F8F03BC-5FFF-46AA-AC52-2D10C18C0B32} /F:Update WORKGROUP\JOAN-HP$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a3cdd1e13c8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-09-26 14:26 - 2013-09-26 14:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 14:32 - 2013-09-26 14:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 14:28 - 2013-09-26 14:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-07-15 06:13 - 2016-07-15 06:13 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-15 06:13 - 2016-07-15 06:13 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-18 16:35 - 2016-08-18 16:35 - 01864384 _____ () C:\Users\Joan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-16 14:52 - 2016-07-16 14:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-09 13:25 - 2016-06-28 12:21 - 03311568 _____ () C:\Users\Joan\AppData\Roaming\Event Monitor\em.exe
2016-04-27 01:10 - 2016-04-27 01:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-15 06:15 - 2016-07-15 06:15 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-15 06:14 - 2016-07-15 06:14 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-15 06:14 - 2016-07-15 06:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-15 06:14 - 2016-07-15 06:14 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-15 06:14 - 2016-07-15 06:14 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-26 14:34 - 2013-09-26 14:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-07-16 14:52 - 2016-07-16 14:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-16 14:52 - 2016-07-16 14:55 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-12-25 19:21 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-08-18 16:35 - 2016-08-18 16:35 - 01383616 _____ () C:\Users\Joan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-18 16:35 - 2016-08-18 16:35 - 00118976 _____ () C:\Users\Joan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-29 09:55 - 2016-08-29 09:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-29 09:55 - 2016-08-29 09:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-29 09:55 - 2016-08-29 09:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 82.163.142.7 - 95.211.158.134
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "GamingWonderland Browser Plugin Loader 64"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy_39 Browser Plugin Loader 64"
HKLM\...\StartupApproved\Run32: => "WeatherBlink Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "BFHP"
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C74BFFE8-A5BE-457B-9D25-E05A17E4C7D4}] => (Allow) C:\Program Files (x86)\Driver Updater Plus\dup.exe
FirewallRules: [{86F56542-BB1C-43B6-AFDB-1B46E85BC4E7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{85CFF07A-8077-4A83-8E41-94ACB70EF435}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BAD4EA79-D9B3-4668-84F0-C7353F695BBF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{860AEE44-882B-451E-8BD9-001035BAA876}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD741310-F276-4E1D-B492-7BF507E91295}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{EDD169E8-8B7B-41A0-ADE0-BC2F63455D16}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{7F44B7E5-1B6E-48E9-A0AD-5899610E4CDF}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{620C29E7-469B-4C4F-9F82-9D951AEE6EAC}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{FB42E577-1F12-4E18-A5B9-3F237FEDBCF6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{24084EF4-CC85-4A2C-9A1B-098C29821532}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{24DAB415-523F-4AA8-9892-7BCAC12E0CF7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1C51FB51-FAEE-49C2-872F-48A9CD1FB464}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5AF471F7-0A67-4F7F-93F8-E294E49F4E2B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{07199311-75CA-45FF-8EAC-0BF6821DE8F8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D2908452-0AB6-4B27-AACA-46BEBCC4DC00}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D44FFE4C-CA9E-4AA3-BF03-43D86F64D59F}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{A53905AF-1FFE-4283-8222-A66D756B817A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{ECA39787-0604-41E1-A4FC-C9E47E4563B0}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{78653774-95D5-48F6-B0BD-7372AC629000}] => (Allow) LPort=1900
FirewallRules: [{20FD1DCC-CC3B-4627-922F-39917261604E}] => (Allow) LPort=2869
FirewallRules: [{2139F48E-25D9-4384-831E-F0896B268F94}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A35F2E41-084E-49A6-901A-D8BF9F9758BA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5C133BA4-219B-4372-8741-74FF407B93FB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E460D1CF-6E90-4B3B-9228-81923D0A6593}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{36B1D88D-A52B-4389-9F0B-1F9DCD8228A5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{4DC13556-9F17-4688-87F3-47480933151D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9F2695AD-BB3C-4E61-86CA-29ABA5F3B43B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D5A921E7-4651-4577-AA18-D1F3AC69E6D4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{991A17A4-3E6F-4255-9415-6C653566B29D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B947B2F9-FA8C-4DE0-AA8C-BBBD0709847A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{98329B3E-8712-4A19-9DFE-A64D500A466B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C798EFFB-3D2B-4394-88B9-E858645B386B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5387A8DD-D6B8-4EC4-B608-DF1FE78F318A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
16-08-2016 10:58:37 Windows Update
24-08-2016 08:41:44 Windows Update
31-08-2016 09:50:57 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2016 07:37:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x564c17eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x18cc
Faulting application start time: 0x01d203e846c57df2
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report Id: 0692df86-a88f-45ad-afe2-515905a2a5d7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/31/2016 07:33:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10586.545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18b4
 
Start Time: 01d203e850bbdcda
 
Termination Time: 307
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id: ac085ba8-6fdb-11e6-830e-40f02fb95f5c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2016 07:24:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.494, time stamp: 0x5775e69a
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.494, time stamp: 0x5775e2d9
Exception code: 0xc000027b
Fault offset: 0x000000000004b1c9
Faulting process id: 0x1854
Faulting application start time: 0x01d203be8943b085
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 92987403-28b5-4898-a20e-cfab62a6b634
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (08/31/2016 06:59:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10586.545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 12f4
 
Start Time: 01d203e3a20d2ab2
 
Termination Time: 215
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id: 00a9bdd4-6fd7-11e6-830d-40f02fb95f5c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2016 02:38:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x564c17eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x15c8
Faulting application start time: 0x01d203be9354c313
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report Id: d2f38439-465c-4d39-8979-118a1817296d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/31/2016 09:51:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/31/2016 08:37:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x564c17eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xf14
Faulting application start time: 0x01d203253fa3939e
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report Id: c7e269ba-c4c0-4336-b71f-1a9e03f70428
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/31/2016 05:29:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Joan-HP)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/30/2016 08:15:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Joan-HP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/30/2016 07:35:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x564c17eb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xcdc
Faulting application start time: 0x01d202ba37b3f661
Faulting application path: C:\Program Files\AMD\CNext\CNext\cnext.exe
Faulting module path: unknown
Report Id: 237ec5b2-fdae-4516-81a2-6878b76d0392
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/31/2016 07:34:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/31/2016 07:31:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/31/2016 07:31:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
 
Error: (08/31/2016 07:30:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error: 
A device attached to the system is not functioning.
 
Error: (08/31/2016 07:30:51 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (08/31/2016 07:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1fb6cd3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/31/2016 07:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1fb6cd3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/31/2016 07:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1fb6cd3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/31/2016 07:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1fb6cd3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/31/2016 07:28:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-17 02:12:06.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-22 15:22:36.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 08:58:56.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-16 10:08:45.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 04:21:30.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 04:10:03.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 03:30:56.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-2500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 43%
Total physical RAM: 3542.28 MB
Available physical RAM: 2001.03 MB
Total Virtual: 4182.28 MB
Available Virtual: 2313.59 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:449.16 GB) (Free:387.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.68 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 74154C58)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Joan (administrator) on JOAN-HP (31-08-2016 19:58:46)
Running from C:\Users\Joan\Desktop
Loaded Profiles: Joan (Available Profiles: Joan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Users\Joan\AppData\Roaming\Event Monitor\em.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-29] (AVAST Software)
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\...\Run: [Chromium] => "c:\users\joan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-29] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\windows\system32\LavasoftTcpService64.dll [422400 2015-08-13] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{65db09e6-9e47-473d-949c-929b28b2bae2}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{65db09e6-9e47-473d-949c-929b28b2bae2}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{77645b7b-e804-47d8-a83a-3395652000b5}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{77645b7b-e804-47d8-a83a-3395652000b5}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{789b94c6-de2a-45c9-ba78-b2e2bdf1290a}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{789b94c6-de2a-45c9-ba78-b2e2bdf1290a}: [DhcpNameServer] 82.163.142.7
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_2618e394&param1=…%3D%3D&param2=NGVaMGJ9MqNbLZ%3D%3D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_2618e394&param1=…%3D%3D&param2=NGVaMGJ9MqNbLZ%3D%3D
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1237411288-474285397-2512584859-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0BzyyD0FyD0CtD0AtCtAtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtB0DtByByEtGyD0BtDtBtGyCyBzy0BtGyEzy0C0DtG0Azy0AtAyCzyzy0C0EtDtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtA0F0DtD0EzytGtA0DtByDtGyE0DtCtAtG0AyDtD0FtG0FyBtCzztAyByD0EyB0E0DtA2QtN0A0LzutB%26cr%3D2112246407%26a%3Dwncy_instlmtrx_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {A20B4056-E8D1-4463-B5ED-CFA13649A3F8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1237411288-474285397-2512584859-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-23] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-23] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1237411288-474285397-2512584859-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Joan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Partner) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-08-29]
CHR Extension: (Google Docs) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (Yahoo Partner) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2016-08-29]
CHR Extension: (YouTube) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-10]
CHR Extension: (Gmail) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-29] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-03] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [83312 2016-08-29] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-29] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896760 2016-02-17] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 20:02 - 2016-08-31 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-08-31 19:58 - 2016-08-31 20:00 - 00026300 _____ C:\Users\Joan\Desktop\FRST.txt
2016-08-31 19:37 - 2016-08-31 19:47 - 00000000 ____D C:\AdwCleaner
2016-08-31 19:36 - 2016-08-31 19:36 - 03826240 _____ C:\Users\Joan\Desktop\adwcleaner_6.010.exe
2016-08-31 19:35 - 2016-08-31 19:35 - 00003104 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2016-08-31 19:12 - 2016-08-31 19:29 - 00020954 _____ C:\Users\Joan\Desktop\Fixlog.txt
2016-08-31 19:12 - 2016-08-31 19:12 - 00000000 ____D C:\Users\Joan\Desktop\FRST-OlderVersion
2016-08-31 19:11 - 2016-08-31 19:12 - 02397696 _____ (Farbar) C:\Users\Joan\Desktop\FRST64.exe
2016-08-31 09:56 - 2016-08-31 09:56 - 00044952 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2016-08-31 08:38 - 2016-08-31 08:38 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-08-29 13:50 - 2016-08-29 13:50 - 00000000 ____D C:\removal programs
2016-08-29 13:22 - 2016-08-31 19:58 - 00000000 ____D C:\FRST
2016-08-29 12:17 - 2016-08-29 12:17 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-29 12:17 - 2016-08-29 12:17 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-08-29 10:06 - 2016-08-29 10:01 - 00083312 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2016-08-29 10:02 - 2016-08-29 10:02 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1472482945
2016-08-29 10:02 - 2016-08-29 10:02 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-29 10:01 - 2016-08-29 10:01 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-29 09:57 - 2016-08-29 09:57 - 00000000 ____D C:\Users\Joan\AppData\Roaming\AVAST Software
2016-08-29 09:56 - 2016-08-29 09:56 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-29 09:56 - 2016-08-29 09:56 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-08-29 09:56 - 2016-08-29 09:56 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-29 09:55 - 2016-08-29 09:55 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-29 09:55 - 2016-08-29 09:55 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-29 09:55 - 2016-08-29 09:55 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 09:55 - 2016-08-29 09:55 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-29 09:52 - 2016-08-29 10:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-29 09:52 - 2016-08-29 10:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-28 19:31 - 2016-08-31 19:04 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-08-25 18:44 - 2016-08-25 18:44 - 00000000 ____D C:\Users\Joan\Documents\Attachments_2016825
2016-08-23 06:59 - 2016-08-23 06:59 - 05933558 _____ (MediaPlayAir ) C:\Users\Joan\Downloads\FlashPlayerPro [1].exe
2016-08-20 09:26 - 2016-08-20 09:26 - 00000000 ____D C:\ProgramData\701cbf1f-0443-0
2016-08-20 09:25 - 2016-08-20 09:25 - 00000000 ____D C:\ProgramData\{161592c4-412c-1}
2016-08-20 09:25 - 2016-08-20 09:25 - 00000000 ____D C:\ProgramData\{01386962-412c-0}
2016-08-18 16:37 - 2016-08-18 16:37 - 00003322 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-18 16:35 - 2016-08-18 16:35 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Skype
2016-08-16 12:01 - 2016-08-16 12:01 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-16 10:04 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-16 10:04 - 2016-08-03 05:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-16 10:04 - 2016-08-03 05:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-16 10:04 - 2016-08-03 05:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-16 10:04 - 2016-08-03 05:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-16 10:04 - 2016-08-03 05:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-16 10:04 - 2016-08-03 05:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-16 10:04 - 2016-08-03 05:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-16 10:04 - 2016-08-03 05:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-16 10:04 - 2016-08-03 05:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-16 10:04 - 2016-08-03 05:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-16 10:04 - 2016-08-03 05:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-16 10:04 - 2016-08-03 05:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-16 10:04 - 2016-08-03 05:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-16 10:04 - 2016-08-03 05:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-16 10:04 - 2016-08-03 05:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-16 10:04 - 2016-08-03 05:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-16 10:04 - 2016-08-03 04:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-16 10:04 - 2016-08-03 04:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-16 10:04 - 2016-08-03 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-16 10:04 - 2016-08-03 04:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-16 10:04 - 2016-08-03 04:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-16 10:04 - 2016-08-03 04:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-16 10:04 - 2016-08-03 04:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-16 10:04 - 2016-08-03 04:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-16 10:04 - 2016-08-03 04:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-16 10:04 - 2016-08-03 04:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-16 10:04 - 2016-08-03 04:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-16 10:04 - 2016-08-03 04:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-16 10:04 - 2016-08-03 04:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-16 10:04 - 2016-08-03 04:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-16 10:04 - 2016-08-03 04:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-16 10:04 - 2016-08-03 04:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-16 10:04 - 2016-08-03 04:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-16 10:04 - 2016-08-03 04:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-16 10:04 - 2016-08-03 04:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-16 10:04 - 2016-08-03 04:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-16 10:04 - 2016-08-03 04:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-16 10:04 - 2016-08-03 04:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-16 10:04 - 2016-08-03 04:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-16 10:04 - 2016-08-03 04:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-16 10:04 - 2016-08-03 04:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-16 10:04 - 2016-08-03 04:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-16 10:04 - 2016-08-03 04:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-16 10:04 - 2016-08-03 04:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-16 10:04 - 2016-08-03 04:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-16 10:04 - 2016-08-03 04:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-16 10:04 - 2016-08-03 04:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-16 10:04 - 2016-08-03 00:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-16 10:04 - 2016-08-03 00:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-16 10:04 - 2016-08-03 00:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-16 10:04 - 2016-08-03 00:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-16 10:04 - 2016-08-03 00:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-16 10:04 - 2016-08-03 00:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-16 10:04 - 2016-08-03 00:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-16 10:04 - 2016-08-02 23:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-16 10:04 - 2016-08-02 23:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-16 10:04 - 2016-08-02 23:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-16 10:04 - 2016-08-02 23:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-16 10:04 - 2016-08-02 23:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-16 10:04 - 2016-08-02 23:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-16 10:04 - 2016-08-02 23:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-16 10:04 - 2016-08-02 23:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-16 10:04 - 2016-08-02 23:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-16 10:04 - 2016-08-02 23:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-16 10:04 - 2016-08-02 23:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-16 10:04 - 2016-08-02 23:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-16 10:04 - 2016-08-02 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-16 10:04 - 2016-08-02 23:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-16 10:04 - 2016-08-02 23:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-16 10:03 - 2016-08-03 06:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-16 10:03 - 2016-08-03 06:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-16 10:03 - 2016-08-03 06:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-16 10:03 - 2016-08-03 05:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-16 10:03 - 2016-08-03 05:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-16 10:03 - 2016-08-03 05:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-16 10:03 - 2016-08-03 05:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-16 10:03 - 2016-08-03 04:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-16 10:03 - 2016-08-03 04:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-16 10:03 - 2016-08-03 04:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-16 10:03 - 2016-08-03 04:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-16 10:03 - 2016-08-03 04:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-16 10:03 - 2016-08-03 04:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-16 10:03 - 2016-08-03 04:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-16 10:03 - 2016-08-03 04:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-16 10:03 - 2016-08-03 04:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-16 10:03 - 2016-08-03 04:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-16 10:03 - 2016-08-03 04:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-16 10:03 - 2016-08-03 04:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-16 10:03 - 2016-08-03 04:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-16 10:03 - 2016-08-03 04:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-16 10:03 - 2016-08-03 04:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-16 10:03 - 2016-08-03 04:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-16 10:03 - 2016-08-03 04:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-16 10:03 - 2016-08-03 04:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-16 10:03 - 2016-08-03 04:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-16 10:03 - 2016-08-03 04:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-16 10:03 - 2016-08-03 04:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-16 10:03 - 2016-08-03 04:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-16 10:03 - 2016-08-03 04:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-16 10:03 - 2016-08-03 00:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-16 10:03 - 2016-08-03 00:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-16 10:03 - 2016-08-03 00:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-16 10:03 - 2016-08-02 23:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-16 10:03 - 2016-08-02 23:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-16 10:03 - 2016-08-02 23:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-16 10:03 - 2016-08-02 23:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-16 10:03 - 2016-08-02 23:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-16 10:03 - 2016-08-02 23:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-16 10:03 - 2016-08-02 23:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-16 10:03 - 2016-08-02 23:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-16 10:03 - 2016-08-02 23:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-16 10:03 - 2016-08-02 23:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-16 10:03 - 2016-08-02 23:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-16 10:03 - 2016-08-02 23:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-16 10:03 - 2016-08-02 23:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-16 10:03 - 2016-08-02 23:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-16 10:03 - 2016-08-02 23:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-16 10:03 - 2016-08-02 23:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-16 10:02 - 2016-08-03 05:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-16 10:02 - 2016-08-03 05:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-16 10:02 - 2016-08-03 04:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-16 10:02 - 2016-08-03 04:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-16 10:02 - 2016-08-03 04:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-16 10:02 - 2016-08-03 04:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-16 10:02 - 2016-08-03 04:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-16 10:02 - 2016-08-03 04:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-16 10:02 - 2016-08-02 23:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-16 10:02 - 2016-08-02 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 19:51 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-31 19:51 - 2014-05-19 15:54 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-31 19:35 - 2016-05-09 13:25 - 00000000 ____D C:\Users\Joan\AppData\Roaming\Event Monitor
2016-08-31 19:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-31 19:32 - 2014-06-17 10:00 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a3cdd1e13c8.job
2016-08-31 19:30 - 2016-07-15 03:32 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-31 19:30 - 2016-04-27 01:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-31 19:30 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-31 19:29 - 2016-07-15 03:36 - 00972168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-31 19:29 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-31 19:16 - 2015-02-05 17:17 - 00000000 ____D C:\Users\Joan\AppData\LocalLow\Temp
2016-08-31 19:12 - 2015-10-30 14:12 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-320 Series Update {5F8F03BC-5FFF-46AA-AC52-2D10C18C0B32}.job
2016-08-31 15:15 - 2016-07-14 11:11 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoan.job
2016-08-31 08:39 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-31 08:36 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-29 13:15 - 2014-05-19 16:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-29 11:10 - 2016-05-09 13:22 - 00000000 ____D C:\Users\Joan\AppData\Local\{BEC7889B-9A6F-E423-F7F7-C1CBD39F3D53}
2016-08-28 19:41 - 2014-05-14 17:30 - 00000000 ____D C:\Users\Joan\Documents\Family Tree Maker
2016-08-26 06:04 - 2016-07-15 04:21 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-08-26 06:04 - 2016-07-15 04:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-08-23 11:34 - 2015-04-21 21:11 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-23 11:34 - 2015-03-06 13:22 - 00000000 ____D C:\ProgramData\Oracle
2016-08-23 11:33 - 2016-06-19 14:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-23 11:33 - 2016-06-19 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-23 11:33 - 2015-08-28 09:43 - 00000000 ____D C:\Users\Joan\.oracle_jre_usage
2016-08-20 09:26 - 2016-07-23 11:04 - 00000000 ____D C:\ProgramData\701cbf1f-1db5-0
2016-08-20 09:26 - 2016-07-23 10:59 - 00000000 ____D C:\ProgramData\701cbf1f-75c1-0
2016-08-20 09:26 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\{12188146-112c-0}
2016-08-20 09:26 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\{0724cabb-512c-0}
2016-08-20 09:26 - 2016-07-23 10:58 - 00000000 ____D C:\ProgramData\{01e30d8e-412c-1}
2016-08-19 10:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-18 16:37 - 2016-07-15 07:51 - 00002367 _____ C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 16:37 - 2016-07-15 07:51 - 00000000 ___RD C:\Users\Joan\OneDrive
2016-08-17 09:54 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 02:12 - 2016-04-27 01:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-17 02:05 - 2016-04-27 01:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 02:05 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 02:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-16 12:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-16 12:00 - 2014-05-21 04:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-16 11:47 - 2014-05-21 04:13 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-16 08:54 - 2015-08-14 15:25 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-16 08:54 - 2015-08-14 15:25 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-15 16:09 - 2016-07-15 03:37 - 00000000 ____D C:\Users\Joan
2016-08-15 15:04 - 2013-12-25 20:02 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-08-15 15:03 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-02 09:01 - 2015-04-24 09:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2016-05-09 14:23 - 2016-07-24 14:24 - 0000144 _____ () C:\Users\Joan\AppData\Roaming\WB.CFG
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-29 13:04
 
==================== End of FRST.txt ============================

#7 nasdaq
  • Malware Response Team

Posted 01 September 2016 - 08:35 AM

Please run the AdwCleaner tool and clean everything that was found on the first scan.

Restart the computer normally when done.

Let me know of any remaining issues.

===

#8 Neil Bradley
  • Topic Starter
  • Members

Posted 02 September 2016 - 05:52 PM

Ran ADW twice, first time found 200+, second found 2.

At the moment, the computer appears clean, but I would like to follow up with you within 48 hours.

Neil

#9 nasdaq
  • Malware Response Team

Posted 03 September 2016 - 07:56 AM

I will be here.

#10 Neil Bradley
  • Topic Starter
  • Members

Posted 06 September 2016 - 01:43 PM

After 3 days of no popups, I would say we have it licked.

THANK YOU for your assistance. We can count this as resolved.

Neil



#11 nasdaq
  • Malware Response Team

Posted 07 September 2016 - 07:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



