
adnetworkperformance Hijacked Chrome


  • This topic is locked
3 replies to this topic

#1 Brownstone1892


Posted 29 December 2016 - 12:14 PM

Hi guys,

 

My Chrome has been hijacked, so every time I open it, it redirects me to http://www.adnetworkperformance.com

 

It then opens a random webpage every time I click anything.

 

There's nothing immediately obvious in add/remove programs, or Chrome's Extension list.

 

FRST Output follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by carlp (administrator) on LAPTOP (29-12-2016 16:48:32)
Running from C:\Users\carlp\Desktop\Bleeping
Loaded Profiles: carlp (Available Profiles: carlp & amylo)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Users\carlp\AppData\Local\Citrix\GoToAssist Remote Support Expert\1185\g2ax_start.exe
(Citrix Systems, Inc.) C:\Users\carlp\AppData\Local\Citrix\GoToAssist Remote Support Expert\1185\g2ax_comm_expert.exe
(Citrix Systems, Inc.) C:\Users\carlp\AppData\Local\Citrix\GoToAssist Remote Support Expert\1185\g2ax_user_expert.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-09-28] (Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-09-28] (NVIDIA Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1259520 2016-05-24] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-17] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [H2O] => C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe [307200 2005-12-18] (Team H2O)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-07-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1185\g2ax_winlogonx64.dll [X]
HKU\S-1-5-21-3385321749-3456696080-2465345641-1001\...\Run: [Spotify Web Helper] => C:\Users\carlp\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-12-03] (Spotify Ltd)
HKU\S-1-5-21-3385321749-3456696080-2465345641-1001\...\Run: [GoToAssist Remote Support Expert] => C:\Users\carlp\AppData\Local\Citrix\GoToAssist Remote Support Expert\1185\g2ax_start.exe [607240 2016-11-06] (Citrix Systems, Inc.)
HKU\S-1-5-21-3385321749-3456696080-2465345641-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3385321749-3456696080-2465345641-1001\...\Run: [Amazon Music] => C:\Users\carlp\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()
HKU\S-1-5-21-3385321749-3456696080-2465345641-1001\...\Run: [GoogleChromeAutoLaunch_4DBC619F9D622C09D34B482BA027B740] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2016-06-19]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{7c13ac05-880b-44dc-94b7-db0497412031}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKU\S-1-5-21-3385321749-3456696080-2465345641-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-26] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-26] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2587
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-07-31]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-07-18] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-07-18] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3385321749-3456696080-2465345641-1001: @citrixonline.com/appdetectorplugin -> C:\Users\carlp\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-12] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default [2016-12-29]
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2016-05-21]
CHR Extension: (Google Drive) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (TabAvatar) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhdojalkojfpcmipfdncdpijdcgipgg [2016-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-12-21]
CHR Extension: (Fotor Photo Editor) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Slinky Elegant) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-10-02]
CHR Extension: (Chrome RDP) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2016-03-05]
CHR Extension: (Amazon Music) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkfgcfgfpgmkogcnibdjcckkpdiajgp [2016-12-11]
CHR Extension: (Spotify - Music for every moment) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-02-14]
CHR Extension: (Google Search) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Gmail Offline) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-02-14]
CHR Extension: (Google Calendar) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Free Rider HD) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2016-05-05]
CHR Extension: (GIMP on rollApp) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodhmnkhmnkmimhckfpkgmbmcgjkaddo [2016-02-14]
CHR Extension: (Plex) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2016-12-28]
CHR Extension: (Video Player) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij [2016-10-31]
CHR Extension: (mysms - SMS from Computer) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2015-11-14]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-06-08]
CHR Extension: (Pixlr Editor) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2016-02-24]
CHR Extension: (Photo Sphere viewer app) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjoknfeonnkinllknfmnlaelgoabdlk [2015-12-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-12-28]
CHR Extension: (Google Hangouts) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-12-28]
CHR Extension: (Little Alchemy) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-14]
CHR Extension: (Google Maps) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-02]
CHR Extension: (Google Mail Checker) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-10-02]
CHR Extension: (Text) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfbcljfglbokpmkimbfghdkjmjhdgbg [2016-02-25]
CHR Extension: (Office Online) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-10-31]
CHR Extension: (OneDrive) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2016-02-14]
CHR Extension: (Gmail) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-29]
CHR Extension: (Reditr - The Best Reddit Client) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfcbbijgnhoebddbjpmlikabnbnddgb [2016-08-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [741568 2016-07-18] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1185\g2ax_service.exe [607240 2016-11-15] (Citrix Systems, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-17] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-06-01] (Synaptics Incorporated)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [36432 2008-03-04] (DemoForge, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-01] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\system32\DRIVERS\dtliteusbbus.sys [46392 2016-01-01] (Disc Soft Ltd)
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43488 2015-11-06] (UB658)
R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [28800 2016-03-30] (Elgato Systems GmbH)
R3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_7abb66182eb8ed83\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-09-28] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-12-16] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-09-28] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-09-28] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-29 16:47 - 2016-12-29 16:48 - 00000000 ____D C:\FRST
2016-12-29 16:24 - 2016-12-29 16:48 - 00000000 ____D C:\Users\carlp\Desktop\Bleeping
2016-12-29 16:20 - 2016-12-29 16:20 - 00000000 ____D C:\Users\carlp\AppData\Local\ESET
2016-12-29 14:16 - 2016-12-29 14:17 - 03977168 _____ C:\Users\carlp\Desktop\adwcleaner_6.041.exe
2016-12-29 12:21 - 2016-12-29 12:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-26 11:39 - 2016-12-29 12:17 - 00007644 _____ C:\Users\carlp\AppData\Local\Resmon.ResmonCfg
2016-12-20 11:40 - 2016-12-20 11:40 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-08 22:16 - 2016-12-08 22:16 - 00194803 _____ C:\Users\carlp\Desktop\Scan022.pdf
2016-12-08 14:37 - 2016-12-08 14:37 - 01550179 _____ C:\Users\amylo\Downloads\Letter.pdf
2016-12-08 14:37 - 2016-12-08 14:37 - 01550179 _____ C:\Users\amylo\Desktop\HR Mat Letter.pdf
2016-12-05 12:14 - 2016-12-05 12:14 - 00033470 _____ C:\Users\amylo\Desktop\MyO2Bill(16.12.04).pdf
2016-11-29 19:06 - 2016-11-29 17:41 - 00000000 _____ C:\Users\carlp\Desktop\footage.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-29 16:06 - 2016-11-16 18:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-29 15:00 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-29 14:53 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-29 14:34 - 2015-09-28 20:36 - 00917194 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-29 14:31 - 2016-11-22 19:17 - 00000695 _____ C:\Users\carlp\Desktop\JRT.txt
2016-12-29 14:27 - 2015-09-28 12:48 - 00000000 ___RD C:\Users\carlp\OneDrive
2016-12-29 14:23 - 2016-11-16 18:05 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-29 14:23 - 2015-12-05 15:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-29 14:23 - 2015-09-28 12:55 - 00000000 __SHD C:\Users\carlp\IntelGraphicsProfiles
2016-12-29 14:22 - 2016-11-22 18:58 - 00000000 ____D C:\AdwCleaner
2016-12-29 14:22 - 2016-11-16 18:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-29 14:22 - 2016-07-16 06:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-29 14:18 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-29 14:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-29 14:01 - 2016-11-18 11:53 - 00000000 ___HD C:\OneDriveTemp
2016-12-29 11:57 - 2015-10-01 14:26 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-29 11:46 - 2015-09-28 13:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-29 11:41 - 2015-09-28 13:35 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-29 11:35 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-29 11:35 - 2015-10-25 15:49 - 00000000 ____D C:\Users\carlp\AppData\Local\Adobe
2016-12-29 11:33 - 2015-10-09 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-28 14:34 - 2016-11-16 18:37 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-28 14:34 - 2016-11-16 18:37 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-28 14:34 - 2015-10-30 16:59 - 00000000 ____D C:\Users\carlp\AppData\Roaming\vlc
2016-12-26 11:43 - 2016-11-16 18:13 - 00000000 ____D C:\Users\carlp
2016-12-26 11:43 - 2015-10-03 23:38 - 00000000 ___RD C:\Users\amylo\OneDrive
2016-12-26 11:38 - 2015-11-08 12:10 - 00000000 ____D C:\Users\amylo\AppData\Roaming\Spotify
2016-12-26 11:38 - 2015-10-31 09:00 - 00000000 ____D C:\Users\amylo\AppData\Local\Adobe
2016-12-26 11:36 - 2015-09-28 12:48 - 00002367 _____ C:\Users\carlp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-26 11:33 - 2015-11-08 12:10 - 00000000 ____D C:\Users\amylo\AppData\Local\Spotify
2016-12-20 11:40 - 2015-10-03 23:38 - 00002367 _____ C:\Users\amylo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-14 11:46 - 2016-11-16 18:13 - 00000000 ____D C:\Users\amylo
2016-12-14 11:46 - 2015-10-03 23:34 - 00000000 __SHD C:\Users\amylo\IntelGraphicsProfiles
2016-12-12 20:34 - 2014-09-21 18:02 - 00002250 ____H C:\Users\carlp\Documents\Default.rdp
2016-12-08 21:56 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-12-03 10:16 - 2015-10-25 18:35 - 00000000 ____D C:\Users\carlp\AppData\Local\Spotify
2016-12-03 10:12 - 2015-10-25 18:31 - 00000000 ____D C:\Users\carlp\AppData\Roaming\Spotify
2016-12-03 10:05 - 2015-10-25 15:45 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2015-11-22 12:49 - 2015-11-22 12:49 - 0000132 _____ () C:\Users\carlp\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-11-22 12:51 - 2015-11-22 12:51 - 0000132 _____ () C:\Users\carlp\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-21 23:19 - 2016-08-21 23:19 - 0001456 _____ () C:\Users\carlp\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-26 11:39 - 2016-12-29 12:17 - 0007644 _____ () C:\Users\carlp\AppData\Local\Resmon.ResmonCfg
2016-11-16 18:07 - 2016-11-16 18:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\carlp\AppData\Local\Temp\libeay32.dll
C:\Users\carlp\AppData\Local\Temp\msvcr120.dll
C:\Users\carlp\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-29 14:44

==================== End of FRST.txt ============================

 

 

Any help would be massively appreciated.

 

BS...

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,908 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 AM

Posted 30 December 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1185\g2ax_winlogonx64.dll [X]
GroupPolicy: Restriction <======= ATTENTION
CHR Extension: (Video Player) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-29]
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

#3 Brownstone1892

Brownstone1892
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 30 December 2016 - 01:33 PM

Hi NASDAQ,

 

I ran through your instructions, and all seems well so far. I'll come back next year to update you ;-)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by carlp (30-12-2016 17:56:25) Run:1
Running from C:\Users\carlp\Desktop\Bleeping
Loaded Profiles: carlp (Available Profiles: carlp & amylo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1185\g2ax_winlogonx64.dll [X]
GroupPolicy: Restriction <======= ATTENTION
CHR Extension: (Video Player) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-29]
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist Express Customer" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij => moved successfully
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1970048 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 277862559 B
Java, Flash, Steam htmlcache => 47260157 B
Windows/system/drivers => 463968017 B
Edge => 838661 B
Chrome => 429537416 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 130602 B
carlp => 112792732 B
amylo => 99548880 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:58:51 ====
 
 
Many thanks,
 
BS...
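Added example, not part of the original posts and not FRST's own code: a small Python check that reads the result lines of a Fixlog like the one above and separates applied fixes from entries that need a second look. It treats a "not found" on a path that was already moved earlier in the same run (here the Video Player extension folder, which the fixlist names twice) as already handled; the function names and the three result categories are assumptions of this sketch.

```python
import re

# Constructed sample: result lines copied from the Fixlog posted above, with the
# fixlist echo and the EmptyTemp section shortened to one line each.
FIXLOG = r'''*****************
HKLM-x32\...\Run: [] => [X]
*****************
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist Express Customer" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij => moved successfully
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"C:\Users\carlp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdebnehfojpoccpaocfbelbclfnpbmij" => not found.
=========== EmptyTemp: ==========
Chrome => 429537416 B
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def result_lines(text):
    """Lines after the fixlist echo (closing row of '*') and before EmptyTemp."""
    lines = [l.strip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if set(l) == {"*"}]
    start = stars[-1] + 1 if stars else 0
    end = next((i for i, l in enumerate(lines) if i >= start and "EmptyTemp: ==" in l), len(lines))
    return lines[start:end]

def review(text):
    """Return (done, already_handled, needs_attention) for a Fixlog."""
    done, already, attention, seen = [], [], [], set()
    for line in result_lines(text):
        m = RESULT.match(line)
        if not m:
            continue
        target, outcome = m.group("target"), m.group("outcome").lower()
        if outcome.endswith("successfully"):
            done.append(target)
            seen.add(target.lower())
        elif outcome == "not found" and target.lower() in seen:
            already.append(target)  # same path was moved earlier in this run
        else:
            attention.append((target, outcome))
    return done, already, attention

print(review(FIXLOG)[1:])
```

For this log the third list is empty: every fixlist entry was either applied or had already been handled by an earlier line.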


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,908 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 AM

Posted 31 December 2016 - 09:34 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



