
Land.pckeeper has hijacked my browser!


This topic is locked
5 replies to this topic

#1 kkocan72


Posted 06 October 2016 - 09:53 AM

Greetings all, first time here.

Since Monday I've been hijacked by the land.pckeeper malware.

Using Chrome, every single web page that loads locks and no matter where I click I get the land.pckeeper page popping up. I have to close that page, then I can navigate and use the page I am on, but once I click to a new link then the new page will repeat the process. So every time I try to follow a link I have to click, close land.pckeeper, then click again to get to the intended site.

I've run a Norton scan and it found nothing. I purchased and ran Malwarebytes but all it does is block the web page trying to open, so I still have to close that page before I can navigate.

Any help would be greatly appreciated as I'm at a loss.

PS, I'm running Windows 8.1.

Thanks!!!





#2 nasdaq


Posted 07 October 2016 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
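Once the FRST.txt log comes back, a reviewer's first pass is usually to correlate what changed on the machine with when the symptoms began. The Python helper below is an added example, not part of this thread or of the Farbar tool: it pulls the Chrome-extension and autostart Run entries out of an FRST log and flags entries installed on or after the onset date, Run entries whose target FRST marks as missing ([X]), and targets that carry no publisher information. The line shapes are read off the log posted in this thread, and the onset date 2016-10-03 is an assumption (the Monday before the first post).

```python
import re
from datetime import date

# Line shapes FRST uses, as seen in the FRST.txt posted in this thread:
#   CHR Extension: (Name) - <profile>\Extensions\<32-letter id> [YYYY-MM-DD]
#   <hive>\...\Run: [Name] => <target.exe> [<size> YYYY-MM-DD] (<publisher>)
#   <hive>\...\Run: [Name] => [X]           <- FRST could not find the target
CHR_EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*?)\) - (?P<path>.*\\Extensions\\(?P<id>[a-p]{32}))"
    r" \[(?P<date>\d{4}-\d{2}-\d{2})\]\s*$"
)
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
RUN_TAIL_RE = re.compile(
    r"^(?P<target>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?\s*$"
)


def parse_frst(text):
    """Return the Chrome-extension and Run-key entries found in an FRST log."""
    entries = []
    for line in text.splitlines():
        m = CHR_EXT_RE.match(line)
        if m:
            entries.append({"kind": "chrome_extension", "name": m["name"], "id": m["id"],
                            "path": m["path"], "date": date.fromisoformat(m["date"])})
            continue
        m = RUN_RE.match(line)
        if m:
            tail = RUN_TAIL_RE.match(m["rest"])
            entries.append({"kind": "run_key", "hive": m["hive"], "name": m["name"],
                            "target": tail["target"], "publisher": tail["publisher"],
                            "date": date.fromisoformat(tail["date"]) if tail["date"] else None})
    return entries


def triage(entries, onset, known_good_ids=frozenset()):
    """Flag entries worth a closer look; each finding carries its reasons.

    onset is the date the symptoms began; known_good_ids are Chrome extension
    ids the reviewer has already vetted and wants suppressed.
    """
    findings = []
    for e in entries:
        reasons = []
        if e["kind"] == "chrome_extension":
            if e["id"] in known_good_ids:
                continue
            if e["date"] >= onset:
                reasons.append(f"extension installed {e['date']}, on or after onset {onset}")
        else:
            if e["target"] == "[X]":
                reasons.append("Run entry target not found by FRST ([X])")
            elif not e["publisher"]:
                reasons.append("target carries no publisher information")
            if e["date"] and e["date"] >= onset:
                reasons.append(f"target file dated {e['date']}, on or after onset {onset}")
        if reasons:
            findings.append({"kind": e["kind"], "name": e["name"], "reasons": reasons})
    return findings


# Sample input: lines copied from the FRST.txt log posted later in this thread,
# trimmed to the two entry types this helper understands.
SAMPLE_FRST = r"""
HKLM-x32\...\Run: [LManager] => [X]
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [Dropbox Update] => C:\Users\Kristoph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-16] (Dropbox, Inc.)
CHR Extension: (Norton Security Toolbar) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-16]
CHR Extension: (FlashUpdates4) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpfoipkbhnieokggpkjobogaenehee [2016-10-03]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2016-10-04]
CHR Extension: (Destiny Item Manager) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2016-10-05]
"""

# Assumed onset: the poster wrote on Thursday 2016-10-06 that it started "Monday".
ONSET = date(2016, 10, 3)


def triage_sample():
    """Run the triage over the sample log with the assumed onset date."""
    return triage(parse_frst(SAMPLE_FRST), ONSET)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f['kind']:17} {f['name']}: " + "; ".join(f["reasons"]))
```

Flagged entries are a review list, not a verdict; a legitimate extension the user installed that week will appear alongside anything unwanted, so each item still needs a human look.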

#3 kkocan72


Posted 09 October 2016 - 10:28 AM

Attached File: Addition.txt (40.38KB)

Thanks for the help.

Following your instructions:

Here is the Malwarebytes log file:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/7/2016
Scan Time: 12:39 PM
Logfile: MBAM_Log_10-7-16.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.07.05
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kristoph
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359011
Time Elapsed: 1 hr, 3 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Here is the AdwCleaner File:
 
# AdwCleaner v6.021 - Logfile created 07/10/2016 at 15:25:23
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Kristoph - KRISTO
# Running from : C:\Users\Kristoph\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
Here is the FRST.txt file from Farbar:
I've also attached the Addition.txt file.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Kristoph (administrator) on KRISTO (07-10-2016 16:29:20)
Running from C:\Users\Kristoph\Downloads
Loaded Profiles: Kristoph (Available Profiles: Kristoph)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CaddieSyncConduit] => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2543936 2013-04-04] (SkyHawke)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [Dropbox Update] => C:\Users\Kristoph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-16] (Dropbox, Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\MountPoints2: {674f6250-8c4b-11e3-bf11-b888e3cdfea2} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\MountPoints2: {7fde44fa-a69c-11e2-bea8-b888e3cdfea2} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk [2013-10-28]
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk [2012-09-03]
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Kristoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1 172.16.240.1
Tcpip\..\Interfaces\{56E93E27-474D-4069-80FE-7F532A6F4F69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F682A4AF-96E3-4B76-80DE-A4A4514FAAE0}: [DhcpNameServer] 8.8.8.8 192.168.1.1 172.16.240.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3141526601-2142420105-2995144340-1001 -> DefaultScope {81CC8F23-BCB5-4318-A27F-9E6D43695D9F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3141526601-2142420105-2995144340-1001 -> {81CC8F23-BCB5-4318-A27F-9E6D43695D9F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-02] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3141526601-2142420105-2995144340-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kristoph\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-19] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default [2016-10-07]
CHR Extension: (Google Docs) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Destiny Item Manager) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-16]
CHR Extension: (Google Search) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-03-15]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-11-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-16]
CHR Extension: (FlashUpdates4) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpfoipkbhnieokggpkjobogaenehee [2016-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2016-10-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 EndpointIntegration; C:\Program Files\N-able Technologies\AVDefender\EndpointIntegration.exe [398480 2014-08-21] (Bitdefender)
S3 EndpointService; C:\Program Files\N-able Technologies\AVDefender\EndpointService.exe [398480 2014-08-21] (Bitdefender)
S3 epag; C:\Program Files\Common Files\N-able Technologies\Endpoint Agent\epag.exe [2395584 2014-08-21] (Bitdefender)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-24] (Dritek System INC.)
S2 SupportDockService.exe; C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services) [File not signed]
S3 UpdateService; C:\Program Files\N-able Technologies\AVDefender\UpdateService.exe [398480 2014-08-21] (Bitdefender)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S0 BDElam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 Bdfwfpf; C:\Program Files\N-able Technologies\AVDefender\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161005.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155400 2014-08-21] (BitDefender LLC)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-10-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20161006.001\IDSvia64.sys [1012440 2016-09-27] (Symantec Corporation)
R3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net) <==== ATTENTION
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-11-12] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-24] (Dritek System Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-21] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-07 16:29 - 2016-10-07 16:30 - 00033279 _____ C:\Users\Kristoph\Downloads\FRST.txt
2016-10-07 16:28 - 2016-10-07 16:29 - 00000000 ____D C:\FRST
2016-10-07 16:28 - 2016-10-07 16:28 - 02405376 _____ (Farbar) C:\Users\Kristoph\Downloads\FRST64.exe
2016-10-07 16:21 - 2016-10-07 16:21 - 00001432 _____ C:\Users\Kristoph\Desktop\AdwCleaner_10-7-16.txt
2016-10-07 15:21 - 2016-10-07 15:21 - 03874368 _____ C:\Users\Kristoph\Downloads\AdwCleaner.exe
2016-10-07 15:18 - 2016-10-07 15:18 - 00001061 _____ C:\Users\Kristoph\Desktop\MBAM_Log_10-7-16.txt
2016-10-07 11:59 - 2016-10-07 11:59 - 00049603 _____ C:\Users\Kristoph\Documents\resume_KKocan_10-4-16.pdf
2016-10-07 11:58 - 2016-10-07 11:58 - 00026051 _____ C:\Users\Kristoph\Documents\KKocan_cover Letter_10-7-16.pdf
2016-10-07 11:18 - 2016-10-07 11:18 - 00000000 ____D C:\Users\Kristoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 12:39 - 2016-10-06 12:39 - 00019146 _____ C:\Users\Kristoph\Documents\KKocan_cover Letter.pdf
2016-10-05 09:23 - 2016-10-05 09:23 - 00054784 _____ C:\Users\Kristoph\Documents\Swim_Team-2016-17 Roster.xls
2016-10-05 08:33 - 2016-10-05 08:33 - 00051712 _____ C:\Users\Kristoph\Downloads\Roster_Export (57).xls
2016-10-05 08:15 - 2016-10-05 08:15 - 01631928 _____ (Malwarebytes) C:\Users\Kristoph\Downloads\JRT.exe
2016-10-04 16:32 - 2016-10-04 16:32 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-10-04 15:14 - 2016-10-04 15:14 - 00000302 _____ C:\WINDOWS\system32\.crusader
2016-10-04 12:59 - 2016-10-04 15:13 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-04 12:58 - 2016-10-04 12:59 - 11579432 _____ (SurfRight B.V.) C:\Users\Kristoph\Downloads\hitmanpro_x64.exe
2016-10-04 09:01 - 2016-10-04 09:02 - 22851472 _____ (Malwarebytes ) C:\Users\Kristoph\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-04 08:37 - 2016-10-07 15:25 - 00000000 ____D C:\AdwCleaner
2016-10-04 08:35 - 2016-10-04 08:35 - 03861056 _____ C:\Users\Kristoph\Downloads\adwcleaner_6.020.exe
2016-10-03 16:06 - 2016-10-03 16:06 - 00051810 _____ C:\Users\Kristoph\Downloads\Balance_Due_Roster_Export.pdf
2016-10-03 13:57 - 2016-10-03 13:57 - 00019725 _____ C:\Users\Kristoph\Documents\Swim Team workouts Gold group.xlsx
2016-09-30 13:09 - 2016-09-30 13:09 - 00049664 _____ C:\Users\Kristoph\Downloads\Roster_Export (56).xls
2016-09-23 16:29 - 2016-09-23 16:30 - 00000000 ____D C:\Users\Kristoph\Desktop\DAM-TRI (YMCA) JUN 2016
2016-09-22 10:48 - 2016-09-22 10:48 - 00088064 _____ C:\Users\Kristoph\Downloads\Roster_Export (55).xls
2016-09-22 10:25 - 2016-10-03 17:50 - 03490304 _____ C:\Users\Kristoph\Documents\fallvolleyball.pub
2016-09-19 17:38 - 2016-09-19 17:38 - 00096768 _____ C:\Users\Kristoph\Documents\wall of fame.pub
2016-09-19 17:25 - 2016-09-19 17:25 - 00010672 _____ C:\Users\Kristoph\Downloads\Wall of Fame.xlsx
2016-09-19 09:44 - 2016-09-19 09:44 - 00025040 _____ C:\Users\Kristoph\Downloads\VRRENEWAL (2).pdf
2016-09-19 08:30 - 2016-09-19 08:30 - 00154436 _____ C:\Users\Kristoph\Downloads\PGRInsuranceIDCard (8).pdf
2016-09-16 10:45 - 2016-09-29 15:23 - 00615028 _____ C:\Users\Kristoph\Documents\KK_rev_draft_17 budget.xlsx
2016-09-16 09:52 - 2016-09-16 09:52 - 00171765 _____ C:\Users\Kristoph\Downloads\downloads (2).zip
2016-09-13 14:45 - 2016-09-13 14:45 - 00373977 _____ C:\Users\Kristoph\Downloads\2015TurboTaxReturn (2).pdf
2016-09-13 10:46 - 2016-09-13 10:46 - 00043008 _____ C:\Users\Kristoph\Downloads\Roster_Export (54).xls
2016-09-13 08:19 - 2016-09-13 08:19 - 00001913 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-09-12 15:50 - 2016-09-12 15:50 - 00012820 _____ C:\Users\Kristoph\Documents\2016-17 tentative League schedule.xlsx
2016-09-09 10:34 - 2016-10-06 12:39 - 00049353 _____ C:\Users\Kristoph\Documents\resume_KKocan.pdf
2016-09-09 09:40 - 2016-09-09 09:40 - 00304077 _____ C:\Users\Kristoph\Downloads\logo-wht_rgb.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-07 16:10 - 2015-10-16 13:05 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3141526601-2142420105-2995144340-1001UA.job
2016-10-07 15:44 - 2013-03-02 14:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-07 15:33 - 2013-02-12 13:15 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3141526601-2142420105-2995144340-1001
2016-10-07 15:16 - 2014-10-28 10:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-07 13:10 - 2015-10-16 13:05 - 00000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3141526601-2142420105-2995144340-1001Core.job
2016-10-07 12:56 - 2014-10-28 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-07 12:38 - 2013-02-12 20:06 - 00000000 ____D C:\Users\Kristoph\Documents\Outlook Files
2016-10-07 11:36 - 2013-12-04 15:14 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC315014-C55A-4A54-AF5C-8190ADDD74B6}
2016-10-07 11:19 - 2013-02-12 20:28 - 00000000 ____D C:\Users\Kristoph\AppData\Roaming\Dropbox
2016-10-06 17:26 - 2016-03-14 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-10-05 08:53 - 2016-03-21 18:26 - 00000000 ___RD C:\Users\Kristoph\OneDrive
2016-10-04 16:36 - 2013-02-12 20:32 - 00000000 ___RD C:\Users\Kristoph\Dropbox
2016-10-04 16:35 - 2014-10-13 15:14 - 00000000 ___RD C:\Users\Kristoph\iCloudDrive
2016-10-04 16:32 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-04 16:31 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-04 09:18 - 2015-10-16 13:05 - 00000000 ____D C:\Users\Kristoph\AppData\Local\Dropbox
2016-10-04 09:04 - 2014-10-28 10:57 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-04 09:04 - 2014-10-28 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-04 08:51 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-10-04 08:30 - 2014-10-13 15:13 - 00003422 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-10-04 08:15 - 2013-02-12 20:16 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-04 08:15 - 2013-02-12 20:16 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-30 08:08 - 2016-07-05 11:38 - 00021313 _____ C:\Users\Kristoph\Documents\KK-Program goals.xlsx
2016-09-29 14:49 - 2015-01-16 14:05 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-26 08:45 - 2013-09-30 00:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-26 08:45 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-22 16:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-22 16:04 - 2013-03-02 14:41 - 00000000 ____D C:\Users\Kristoph\AppData\Local\CrashDumps
2016-09-22 09:53 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-22 09:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-19 11:31 - 2014-05-09 22:25 - 00000000 ____D C:\Users\Kristoph\AppData\Local\Apple Computer
2016-09-13 14:44 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 14:44 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 14:44 - 2013-03-02 14:41 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-09-13 08:21 - 2014-07-28 09:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-13 08:19 - 2014-07-28 09:42 - 00003554 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-09-13 08:19 - 2013-06-08 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-09-13 08:19 - 2013-02-18 20:39 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-09-13 08:06 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
 
==================== Files in the root of some directories =======
 
2013-09-19 09:39 - 2013-09-19 09:39 - 0028981 _____ () C:\Users\Kristoph\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Themes
2015-02-13 19:58 - 2015-02-13 19:58 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Track Settings
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Trance Pad
2015-02-13 19:56 - 2015-02-13 19:56 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Vocal Transformer
2014-10-15 09:04 - 2014-10-15 09:04 - 0000038 ___SH () C:\Users\Kristoph\AppData\Local\42747051538627b9063d49.45359236
2013-11-07 17:11 - 2013-01-14 12:34 - 0007680 _____ () C:\Users\Kristoph\AppData\Local\Z@!-34e250a8-d0c7-4e57-af1e-4457d30950d1.tmp
2013-11-07 17:11 - 2013-01-14 12:34 - 0007168 _____ () C:\Users\Kristoph\AppData\Local\Z@S!-489aa636-41e9-458c-a482-3d122297023c.tmp
2015-02-13 19:57 - 2015-02-13 19:57 - 0000012 ___RH () C:\ProgramData\business-inkjet
2015-02-13 19:56 - 2015-02-13 19:56 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2015-02-13 19:58 - 2015-02-13 21:32 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-02-13 19:57 - 2015-02-22 18:53 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-02-13 19:57 - 2015-02-22 18:51 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\ProgramData\Treble Reduction
2015-02-13 19:58 - 2015-02-13 19:58 - 0000268 ___RH () C:\ProgramData\Tremolo
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\ProgramData\Tribal Masks
2015-02-13 19:56 - 2015-02-13 19:57 - 0000012 ___RH () C:\ProgramData\Woodwind
2015-02-13 19:58 - 2015-02-13 19:58 - 0000012 ___RH () C:\ProgramData\Work - Home
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-04 16:46
 
==================== End of FRST.txt ============================
 
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:33 AM

Posted 10 October 2016 - 09:30 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [LManager] => [X]
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
CHR Extension: (Norton Security Toolbar) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\EX64.SYS [X]
Task: {655FDCC0-640B-4313-9213-6221C9B108C6} - System32\Tasks\{23B3E3A0-0BE8-4FB3-A477-D9415C39B4F2} => pcalua.exe -a "C:\Users\Kristoph\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe" -c /uninstall <==== ATTENTION
Task: {E4E82C16-B291-4D13-864C-A2A601F9A7A3} - System32\Tasks\{E91326D8-7A78-4B3F-8554-8C135ECC24BA} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Kristoph\Downloads\GarminExpressInstaller (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Kristoph\Downloads\GarminExpressInstaller.exe:BDU [0]
C:\Users\Kristoph\AppData\Roaming\InstallX Search Protect for Yahoo
C:\Program Files (x86)\Wajam

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Please post the Fixlog.txt file and let me know if the problem persists.
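The fixlist above tells FRST to delete two kinds of leftover that the scan flagged: scheduled tasks whose action runs pcalua.exe to call an uninstaller, and alternate data streams attached to downloaded installers. The following is an added example, not part of nasdaq's instructions and not something FRST produces, showing how a defender can list the same two artefact types with built-in PowerShell before deciding what goes into a fixlist. It assumes an elevated PowerShell 5.1 prompt on Windows 8.1 or later and defaults to the current user's Downloads folder; it is read-only and removes nothing.

```powershell
# Added example (not from the thread or from FRST): a read-only triage pass
# over the two artefact types the fixlist above targets. Assumes an elevated
# PowerShell 5.1 prompt on Windows 8.1 or later. Nothing is deleted.

# 1. Scheduled tasks whose action launches pcalua.exe (the Program
#    Compatibility Assistant launcher). Toolbar and "search protect"
#    installers register their uninstallers this way, and the task stays
#    behind after the program folder is gone, as the FRST log shows.
function Get-PcaluaTasks {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only exec actions have an Execute property; COM handler
            # actions return $null here and are skipped by the -match.
            if ($action.Execute -match 'pcalua\.exe') {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# 2. Alternate data streams on files in a folder (default: Downloads).
#    Browser downloads normally carry only the default ':$DATA' stream and
#    a Zone.Identifier stream; any other named stream (the log above shows
#    ":BDU") is worth reviewing before the file is run or deleted.
function Get-UnexpectedStreams {
    param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
                Select-Object FileName, Stream, Length
        }
}

Get-PcaluaTasks | Format-Table -AutoSize
Get-UnexpectedStreams | Format-Table -AutoSize
```

Both functions only report; the fixlist/FRST step in the post is still what performs the removal. Running the listing before the fix and again after the reboot gives a quick confirmation that the Task: and AlternateDataStreams: entries are gone.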

#5 kkocan72

kkocan72
  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:33 AM

Posted 10 October 2016 - 10:36 AM

Appears to have worked!

 

Here is my FRST Fixlog 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2016
Ran by Kristoph (10-10-2016 11:10:18) Run:1
Running from C:\Users\Kristoph\Downloads
Loaded Profiles: Kristoph (Available Profiles: Kristoph)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [LManager] => [X]
ShellIconOverlayIdentifiers: [GDriveSharedOverlay]
-> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
CHR Extension: (Norton Security Toolbar) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
[2016-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\EX64.SYS [X]
Task: {655FDCC0-640B-4313-9213-6221C9B108C6} -
System32\Tasks\{23B3E3A0-0BE8-4FB3-A477-D9415C39B4F2} => pcalua.exe -a "C:\Users\Kristoph\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe" -c /uninstall <==== ATTENTION
Task: {E4E82C16-B291-4D13-864C-A2A601F9A7A3} - System32\Tasks\{E91326D8-7A78-4B3F-8554-8C135ECC24BA} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Kristoph\Downloads\GarminExpressInstaller (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Kristoph\Downloads\GarminExpressInstaller.exe:BDU [0]
C:\Users\Kristoph\AppData\Roaming\InstallX Search Protect for Yahoo
C:\Program Files (x86)\Wajam
 
*****************
 
Restore point was successfully created.
Processes closed successfully.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:33 AM

Posted 10 October 2016 - 12:35 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



