Redirected, Gameo hijack pop up.


  • This topic is locked
11 replies to this topic

#1 mwalton123

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:34 PM

Posted 23 February 2017 - 07:46 PM

This is my 14-year-old son's computer and he has gone crazy with games and downloads for them. The initial problem was very severe hijacks, pop-ups and redirects. I uninstalled a ton of junk and ran Malwarebytes and Spybot, which cleaned up 75% of the issues, but we still have Gameo pop-ups, redirects and super slow startup. Windows Firewall has always been up and the free trial of Norton that loaded with Malwarebytes alerted to a bunch of problems but never seemed able to make them go away.

Here are my logs. Also, please advise on a system worth the money to defend against this. In the past it has seemed that most aren't up to the task. I have paid for AVG, Norton and McAfee, with all of them letting me down or being so clunky I couldn't work with them in the way. Maybe I am asking too much?

Thanks in advance!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Caleb Walton (administrator) on LAPTOP-ET8LVD7D (23-02-2017 18:28:05)
Running from C:\Users\Caleb Walton\Downloads
Loaded Profiles: Caleb Walton (Available Profiles: Caleb Walton)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qproxy\qengine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8530176 2015-09-25] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [654088 2015-08-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QAppTray] => C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe [3952600 2016-03-23] (Qustodio)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\Run: [Chromium] => c:\users\caleb walton\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\RunOnce: [Uninstall C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\RunOnce: [Uninstall C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\RunOnce: [Uninstall C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\RunOnce: [Uninstall C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\RunOnce: [Uninstall C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caleb Walton\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\MountPoints2: {5ad85be6-8939-11e5-9bd1-806e6f6e6963} - "E:\LaunchBOPC2.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
BootExecute: autocheck autochk * aswBoot.exe /M:1111514406ac /wow /dir:"C:\Program Files\AVAST Software\Avast"sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0cf0b4b3-e0f9-457c-9494-5e15542fc55d}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{323af82d-5f7d-43e9-8d6b-e03d3b1861e2}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{df38721c-3bd4-4dd3-92b0-269eb7c402ff}: [DhcpNameServer] 82.163.143.157

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKLM-x32 -> {56C73C63-341D-48CB-8BB7-2FFDA01A6D73} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> {56C73C63-341D-48CB-8BB7-2FFDA01A6D73} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> {A1C142BF-ABF5-4DA5-9850-FDA51B2417EF} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-06] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: g5povnw1.default
FF ProfilePath: C:\Users\Caleb Walton\AppData\Roaming\Mozilla\Firefox\Profiles\g5povnw1.default [2017-02-23]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-1c00da85
CHR StartupUrls: Default -> "hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-1c00da85"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Google Slides) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Login Faster) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhmpljbpflalfgocddlimdncfbpblch [2016-07-25]
CHR Extension: (Google Docs) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Google Search) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Sheets) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CHR Extension: (Gmail) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]
CHR Extension: (Chrome Media Router) - C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-07] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-07] (Advanced Micro Devices, Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-10] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-07-27] (Hewlett-Packard Development Company, L.P.)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsupdatesvr.exe [133480 2015-11-12] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 qengine; C:\Program Files (x86)\Qustodio\qproxy\qengine.exe [4127192 2016-03-23] (Qustodio)
R2 qupdate; C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe [2112472 2016-03-23] (Qustodio)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-09-25] (Realtek Semiconductor)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268920 2016-05-17] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-09-14] (Advanced Micro Devices, INC.)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-09-14] (Advanced Micro Devices)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [41080 2015-12-30] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-22] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S1 qwdf64; C:\WINDOWS\system32\Drivers\qwdf64.sys [40696 2016-03-23] (Qustodio)
S1 qwdr64; C:\WINDOWS\system32\Drivers\qwdr64.sys [54528 2016-03-23] (Qustodio)
R2 qwfp; C:\windows\system32\Drivers\qwfp64.sys [47752 2016-03-23] (Qustodio)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2015-09-25] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-21] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [407768 2015-09-25] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-09-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [33960 2015-09-25] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 18:28 - 2017-02-23 18:28 - 00021568 _____ C:\Users\Caleb Walton\Downloads\FRST.txt
2017-02-23 18:26 - 2017-02-23 18:28 - 00000000 ____D C:\FRST
2017-02-23 18:24 - 2017-02-23 18:26 - 02423296 _____ (Farbar) C:\Users\Caleb Walton\Downloads\FRST64.exe
2017-02-23 17:59 - 2017-02-23 18:00 - 00000000 ____D C:\Users\Caleb Walton\Desktop\HJT Logs
2017-02-23 17:57 - 2017-02-23 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Caleb Walton\Downloads\HijackThis.exe
2017-02-23 17:56 - 2016-03-23 16:36 - 00054528 _____ (Qustodio) C:\WINDOWS\system32\Drivers\qwdr64.sys
2017-02-23 17:56 - 2016-03-23 16:36 - 00040696 _____ (Qustodio) C:\WINDOWS\system32\Drivers\qwdf64.sys
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-23 00:57 - 2017-02-23 00:59 - 11581544 _____ (SurfRight B.V.) C:\Users\Caleb Walton\Downloads\HitmanPro_x64.exe
2017-02-23 00:47 - 2017-02-23 00:47 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-23 00:47 - 2017-02-23 00:47 - 00000000 ____D C:\ProgramData\adaware
2017-02-23 00:34 - 2017-02-23 00:34 - 00003546 _____ C:\WINDOWS\System32\Tasks\{56657CD9-4EF7-4A86-9AF0-3FEA123FB923}
2017-02-23 00:30 - 2017-02-23 00:30 - 00000000 ____D C:\Users\Caleb Walton\AppData\Roaming\WildTangent
2017-02-22 22:46 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-02-22 22:15 - 2017-02-22 22:15 - 07649008 _____ C:\Users\Caleb Walton\Downloads\_spybotsd_includes (1).exe
2017-02-22 22:04 - 2017-02-23 00:26 - 00000000 ____D C:\ProgramData\Norton
2017-02-22 22:04 - 2017-02-22 22:04 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-22 21:59 - 2017-02-22 21:59 - 00000000 ____D C:\Users\Caleb Walton\Desktop\Includes
2017-02-22 21:59 - 2017-02-22 21:59 - 00000000 ____D C:\Program Files\McAfee
2017-02-22 21:57 - 2017-02-22 22:12 - 01281744 _____ (Hesob ) C:\Users\Caleb Walton\Downloads\spybotsd_includes (1).exe
2017-02-22 21:57 - 2017-02-22 21:57 - 07649008 _____ C:\Users\Caleb Walton\Downloads\_spybotsd_includes.exe
2017-02-22 21:52 - 2017-02-22 21:53 - 01281744 _____ (Hesob ) C:\Users\Caleb Walton\Downloads\spybotsd_includes.exe
2017-02-22 21:20 - 2017-02-22 21:41 - 00001455 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-22 21:20 - 2017-02-22 21:20 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-22 21:20 - 2017-02-22 21:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-22 21:20 - 2017-02-22 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-22 21:19 - 2017-02-22 23:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-22 21:19 - 2017-02-22 23:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-22 21:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-22 21:17 - 2017-02-22 21:17 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Caleb Walton\Downloads\_spybot-2.4.exe
2017-02-22 19:53 - 2017-02-22 19:53 - 00000000 ____D C:\Users\Caleb Walton\AppData\Roaming\Skype
2017-02-22 19:21 - 2017-02-22 19:21 - 00000000 ____D C:\Users\Caleb Walton\AppData\Local\ElevatedDiagnostics
2017-02-22 11:27 - 2017-02-22 20:42 - 00000000 ____D C:\ProgramData\{865C7655-31F7-C1FE-3628-5E521AE0CD92}
2017-02-22 11:27 - 2017-02-22 11:27 - 00003986 _____ C:\WINDOWS\System32\Tasks\{7ADB3310-CD70-84BB-46B2-A03E382FB47B}
2017-02-22 11:27 - 2017-02-22 11:27 - 00000000 ____D C:\ProgramData\{78310f25-012c-0}
2017-02-22 11:27 - 2017-02-22 11:27 - 00000000 ____D C:\ProgramData\{14d40bf6-112c-1}
2017-02-07 15:14 - 2017-02-22 19:48 - 00000392 _____ C:\WINDOWS\Tasks\HPCeeScheduleForCaleb Walton.job
2017-02-07 15:14 - 2017-02-22 11:31 - 00003312 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForCaleb Walton
2017-02-03 15:10 - 2017-02-03 15:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-03 13:53 - 2017-02-03 13:59 - 00000000 ____D C:\Users\Caleb Walton\Desktop\tmp
2017-02-03 13:47 - 2017-02-03 13:53 - 38796160 _____ (Mojang) C:\Users\Caleb Walton\Desktop\Minecraft (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 18:29 - 2015-12-29 22:19 - 00009712 _____ C:\WINDOWS\SysWOW64\qengineOff.ini
2017-02-23 18:28 - 2015-12-29 22:19 - 00009712 _____ C:\WINDOWS\system32\qengineOff.ini
2017-02-23 18:23 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 17:57 - 2015-12-27 18:42 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9D9C6856-2F56-45C4-9719-3A16F2533AEC}
2017-02-23 17:57 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 17:54 - 2015-12-30 18:13 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-23 17:51 - 2016-05-15 17:48 - 00001104 _____ C:\WINDOWS\SysWOW64\cert.cer
2017-02-23 17:51 - 2015-11-12 06:46 - 00000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-23 17:50 - 2016-01-13 04:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-23 01:10 - 2016-01-13 03:46 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-23 01:10 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-23 01:06 - 2016-01-13 06:41 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-23 00:58 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 00:41 - 2015-11-12 06:37 - 00000420 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
2017-02-23 00:41 - 2015-11-12 06:37 - 00000420 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
2017-02-23 00:40 - 2015-11-12 06:46 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-23 00:32 - 2015-11-12 06:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-23 00:30 - 2015-11-12 06:40 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-23 00:30 - 2015-11-12 06:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2017-02-23 00:25 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-23 00:25 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-02-22 23:04 - 2016-01-31 20:21 - 00000000 ____D C:\Users\Caleb Walton\AppData\Roaming\Gameo
2017-02-22 22:52 - 2016-12-11 14:05 - 00000000 ____D C:\Program Files (x86)\NetRadio
2017-02-22 22:46 - 2015-11-12 06:52 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-22 21:57 - 2015-11-12 06:52 - 00000000 ____D C:\ProgramData\McAfee
2017-02-22 21:57 - 2015-11-12 06:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-22 20:42 - 2016-12-11 14:01 - 00000000 ____D C:\ProgramData\{49F98C9A-C3BB-065C-457D-981EDF3F13D0}
2017-02-22 20:42 - 2016-01-31 20:21 - 00000000 ____D C:\Users\Caleb Walton\AppData\Local\Gameo
2017-02-22 20:31 - 2016-04-19 11:47 - 00000000 ____D C:\ProgramData\52ef530c
2017-02-22 20:31 - 2016-03-28 09:39 - 00000000 ____D C:\ProgramData\c8167b6f-5713-1
2017-02-22 20:13 - 2015-12-30 01:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 20:09 - 2015-12-25 19:20 - 00000000 ___RD C:\Users\Caleb Walton\OneDrive
2017-02-22 20:01 - 2015-11-12 06:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-22 20:00 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2017-02-22 19:57 - 2015-11-12 06:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-02-22 19:57 - 2015-11-12 06:36 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-22 19:56 - 2016-01-13 03:50 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 19:56 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 19:48 - 2015-12-27 18:36 - 00000000 ____D C:\Users\Caleb Walton\AppData\Roaming\AVAST Software
2017-02-22 11:27 - 2016-12-10 16:44 - 00000000 ____D C:\ProgramData\c8167b6f-6f75-1
2017-02-22 11:27 - 2016-12-10 16:44 - 00000000 ____D C:\ProgramData\c8167b6f-5673-0
2017-02-07 15:22 - 2015-12-30 05:06 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 15:22 - 2015-12-30 05:06 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-03 14:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-03 14:02 - 2016-05-01 15:39 - 00001721 _____ C:\Users\Caleb Walton\Desktop\nativelog.txt
2017-02-03 14:01 - 2016-12-11 14:01 - 00000000 ____D C:\Users\Caleb Walton\AppData\Roaming\Fideha
2017-02-03 13:59 - 2016-05-01 15:39 - 00000000 ____D C:\Users\Caleb Walton\Desktop\game
2017-02-03 13:16 - 2015-12-30 05:06 - 00000000 ____D C:\Users\Caleb Walton\AppData\Local\Google
2017-02-02 21:31 - 2015-12-30 05:01 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-02 21:31 - 2015-12-30 05:01 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-12-11 14:01 - 2016-12-11 14:01 - 0019481 _____ () C:\Users\Caleb Walton\AppData\Roaming\Gohec
2015-12-26 05:01 - 2015-12-27 19:01 - 0000105 _____ () C:\Users\Caleb Walton\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
2017-02-22 19:20 - 2017-02-22 19:20 - 0005120 _____ () C:\Users\Caleb Walton\AppData\Local\Temp\4srhlage.dll
2017-02-22 19:22 - 2017-02-22 19:22 - 0005120 _____ () C:\Users\Caleb Walton\AppData\Local\Temp\b5v0mney.dll
2017-02-22 19:20 - 2017-02-22 19:20 - 0006656 _____ () C:\Users\Caleb Walton\AppData\Local\Temp\cjzcztaa.dll
2017-02-22 19:57 - 2015-12-30 02:01 - 11323704 _____ (SurfRight B.V.) C:\Users\Caleb Walton\AppData\Local\Temp\HitmanPro.exe
2016-02-23 05:43 - 2016-02-23 05:43 - 0120336 _____ (McAfee, Inc.) C:\Users\Caleb Walton\AppData\Local\Temp\McCSPInstall.dll
2017-02-22 20:01 - 2016-02-23 05:43 - 0123360 _____ (McAfee Inc.) C:\Users\Caleb Walton\AppData\Local\Temp\mccspuninstall.exe
2017-02-22 11:39 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is181F.exe
2017-02-22 19:32 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is4E68.exe
2017-02-22 11:41 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is56F8.exe
2017-02-22 11:29 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is6390.exe
2017-02-22 11:45 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is685A.exe
2017-02-22 11:39 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is745D.exe
2017-02-22 11:32 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is797B.exe
2017-02-22 19:23 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is86F8.exe
2017-02-22 11:31 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_is86FD.exe
2017-02-22 18:46 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_isA66.exe
2017-02-22 11:33 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_isBD75.exe
2017-02-22 11:44 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_isBE3F.exe
2017-02-23 00:41 - 2006-05-24 14:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Caleb Walton\AppData\Local\Temp\_isE7B1.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-23 00:04

==================== End of FRST.txt ============================

Attached File: Addition.txt (39.13KB)





#2 mwalton123
  • Topic Starter
  • Members
  • 6 posts

Posted 23 February 2017 - 07:51 PM

Crap, I forgot to add that when I tried to register for this site via this computer the security question wasn't visible.  I had to register from my laptop just to get this posted.



#3 olgun52
  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 24 February 2017 - 05:56 AM

Hello mwalton123 and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 olgun52
  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 24 February 2017 - 06:03 AM

Hi again,

 

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

My suggestion: remove them with the Revo Uninstaller Free tool.

gameo_update
One System Care
Your download is ready Packages
Spybot - Search and Destroy
Chromium
Java 7 Update 79
Java 8 Update 66
SystemHealer
WebUpdater or WebUpdater Launch

Once the removal is complete, restart the computer. You may not see some of the software listed.

Let me know when you get that done.

 

Have a nice day.


Edited by olgun52, 24 February 2017 - 06:06 AM.


 


 


#5 mwalton123
  • Topic Starter
  • Members
  • 6 posts

Posted 24 February 2017 - 06:58 PM

Done!  



#6 olgun52
  • Malware Response Team
  • 3,790 posts
  • Gender:Male

Posted 25 February 2017 - 04:37 AM

Thanks mwalton123,

 

Please do the following.

Step 1:
FRST Script:
Please download the attached file Fixlist.txt (14.08KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 


 


#7 mwalton123
  • Topic Starter
  • Members
  • 6 posts

Posted 28 February 2017 - 08:27 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Caleb Walton (28-02-2017 19:40:40) Run:1
Running from C:\Users\Caleb Walton\Downloads
Loaded Profiles: Caleb Walton (Available Profiles: Caleb Walton)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\Run: [Chromium] => c:\users\caleb walton\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\MountPoints2: {5ad85be6-8939-11e5-9bd1-806e6f6e6963} - "E:\LaunchBOPC2.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
BootExecute: autocheck autochk * aswBoot.exe /M:1111514406ac /wow /dir:"C:\Program Files\AVAST Software\Avast"sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKLM-x32 -> {56C73C63-341D-48CB-8BB7-2FFDA01A6D73} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1c00da85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> {56C73C63-341D-48CB-8BB7-2FFDA01A6D73} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2719923867-515553745-1764287371-1002 -> {A1C142BF-ABF5-4DA5-9850-FDA51B2417EF} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-06] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-06] (Oracle Corporation)
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-1c00da85
CHR StartupUrls: Default -> "hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-1c00da85"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
U0 aswVmm; no ImagePath
2017-02-23 00:47 - 2017-02-23 00:47 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-23 00:47 - 2017-02-23 00:47 - 00000000 ____D C:\ProgramData\adaware
2017-02-22 22:46 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-02-22 22:15 - 2017-02-22 22:15 - 07649008 _____ C:\Users\Caleb Walton\Downloads\_spybotsd_includes (1).exe
2017-02-22 22:04 - 2017-02-23 00:26 - 00000000 ____D C:\ProgramData\Norton
2017-02-22 22:04 - 2017-02-22 22:04 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-22 21:57 - 2017-02-22 22:12 - 01281744 _____ (Hesob ) C:\Users\Caleb Walton\Downloads\spybotsd_includes (1).exe
2017-02-22 21:57 - 2017-02-22 21:57 - 07649008 _____ C:\Users\Caleb Walton\Downloads\_spybotsd_includes.exe
2017-02-22 21:52 - 2017-02-22 21:53 - 01281744 _____ (Hesob ) C:\Users\Caleb Walton\Downloads\spybotsd_includes.exe
2017-02-22 21:20 - 2017-02-22 21:41 - 00001455 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-22 21:20 - 2017-02-22 21:20 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-22 21:20 - 2017-02-22 21:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-22 21:20 - 2017-02-22 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-22 21:19 - 2017-02-22 23:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-22 21:19 - 2017-02-22 23:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-22 21:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-22 21:17 - 2017-02-22 21:17 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Caleb Walton\Downloads\_spybot-2.4.exe
2017-02-22 11:27 - 2017-02-22 11:27 - 00000000 ____D C:\ProgramData\{78310f25-012c-0}
2017-02-22 11:27 - 2017-02-22 11:27 - 00000000 ____D C:\ProgramData\{14d40bf6-112c-1}
C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-22 20:42 - 2016-01-31 20:21 - 00000000 ____D C:\Users\Caleb Walton\AppData\Local\Gameo
2017-02-22 20:31 - 2016-04-19 11:47 - 00000000 ____D C:\ProgramData\52ef530c
2017-02-22 20:31 - 2016-03-28 09:39 - 00000000 ____D C:\ProgramData\c8167b6f-5713-1
C:\Users\Caleb Walton\AppData\Roaming\Gameo
2017-02-22 19:57 - 2015-11-12 06:36 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-22 19:48 - 2015-12-27 18:36 - 00000000 ____D C:\Users\Caleb Walton\AppData\Roaming\AVAST Software
2017-02-22 11:27 - 2016-12-10 16:44 - 00000000 ____D C:\ProgramData\c8167b6f-6f75-1
2017-02-22 11:27 - 2016-12-10 16:44 - 00000000 ____D C:\ProgramData\c8167b6f-5673-0
C:\Users\Caleb Walton\AppData\Roaming\Fideha
C:\Users\Caleb Walton\AppData\Roaming\Gohec
C:\Users\Caleb Walton\AppData\Roaming\WB.CFG
2017-02-22 19:20 - 2017-02-22 19:20 - 0005120 _____ () C:\Users\Caleb Walton\AppData\Local\Temp\4srhlage.dll
2017-02-22 19:22 - 2017-02-22 19:22 - 0005120 _____ () C:\Users\Caleb Walton\AppData\Local\Temp\b5v0mney.dll
2017-02-22 19:20 - 2017-02-22 19:20 - 0006656 _____ () C:\Users\Caleb Walton\AppData\Local\Temp\cjzcztaa.dll
C:\Users\Caleb Walton\AppData\Local\Temp
Task: {0FC7AB7B-AD86-43A0-97C6-4A10F4B845A8} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {3494D88D-7506-4373-93FF-4DD6D746B812} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {386F7CE8-7A52-4CCD-988D-9A436BF12780} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8B462D70-0D0F-43A4-9621-E15538BEC8F3} - System32\Tasks\gameo_update => C:\Users\Caleb  <==== ATTENTION
Task: {91904B9E-BDDC-4510-BAA2-D68B6FBFB0E1} - \One System Care Monitor -> No File <==== ATTENTION
Task: {98253BB2-687C-4FA2-AA86-B69D9BA55568} - System32\Tasks\{7ADB3310-CD70-84BB-46B2-A03E382FB47B} => C:\ProgramData\{865C7655-31F7-C1FE-3628-5E521AE0CD92}\A6FC4620-1157-F18B-ADDC-25D0812EB71D.exe  <==== ATTENTION
Task: {A3AA46B4-2F86-483B-949A-89C7371338F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A757AB40-3C71-47C4-94D4-343A5D1E03B8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B1938152-4FB9-4776-96FE-60890850BC91} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {B8B1E4F3-814C-4E44-A0A6-EE6BEB231244} - \WebUpdater LaunchTask -> No File <==== ATTENTION
Task: {A92F447E-B82E-4A88-B4C6-192B44B25203} - \System Healer Task -> No File <==== ATTENTION
Task: {F094F9DB-26B7-4911-8898-DC12C02B1E63} - \WebUpdater Task -> No File <==== ATTENTION
Task: {E9B55C14-0BEA-4EA2-A704-1B79E94C7B32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
2017-02-22 21:19 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-22 21:19 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-22 21:19 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\...\StartupApproved\Run: => "Chromium"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Chromium" /f
Reg: reg delete HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Chromium" /f
FirewallRules: [TCP Query User{30EEB142-5DB7-414B-B73A-7AF23CDA0FD6}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{2972C2E2-878A-45C3-8D77-868D9877226E}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{D5CAA15E-90C4-4C71-BDD2-1B61902B3835}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{943A3313-C8B1-4A2C-B198-DA5DBCC7A65B}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{66A22BA7-2D84-4768-9DA2-5032AE17DA03}C:\users\caleb walton\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\caleb walton\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{50636FC3-3981-4EE7-973A-272F1CE24182}C:\users\caleb walton\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\caleb walton\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value not found.
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ad85be6-8939-11e5-9bd1-806e6f6e6963} => key removed successfully
HKCR\CLSID\{5ad85be6-8939-11e5-9bd1-806e6f6e6963} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56C73C63-341D-48CB-8BB7-2FFDA01A6D73} => key removed successfully
HKCR\Wow6432Node\CLSID\{56C73C63-341D-48CB-8BB7-2FFDA01A6D73} => key not found. 
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56C73C63-341D-48CB-8BB7-2FFDA01A6D73} => key removed successfully
HKCR\CLSID\{56C73C63-341D-48CB-8BB7-2FFDA01A6D73} => key not found. 
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A1C142BF-ABF5-4DA5-9850-FDA51B2417EF} => key removed successfully
HKCR\CLSID\{A1C142BF-ABF5-4DA5-9850-FDA51B2417EF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.79.2 => key not found. 
"C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.79.2 => key not found. 
"C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2 => key not found. 
C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll => not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\Caleb Walton\AppData\Local\Google\Chrome\User Data\Default => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key removed successfully
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
C:\ProgramData\Lavasoft => moved successfully
C:\ProgramData\adaware => moved successfully
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
C:\Users\Caleb Walton\Downloads\_spybotsd_includes (1).exe => moved successfully
C:\ProgramData\Norton => moved successfully
C:\ProgramData\NortonInstaller => moved successfully
C:\Users\Caleb Walton\Downloads\spybotsd_includes (1).exe => moved successfully
C:\Users\Caleb Walton\Downloads\_spybotsd_includes.exe => moved successfully
C:\Users\Caleb Walton\Downloads\spybotsd_includes.exe => moved successfully
"C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
"C:\ProgramData\Spybot - Search & Destroy" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => not found.
"C:\WINDOWS\system32\sdnclean64.exe" => not found.
C:\Users\Caleb Walton\Downloads\_spybot-2.4.exe => moved successfully
C:\ProgramData\{78310f25-012c-0} => moved successfully
C:\ProgramData\{14d40bf6-112c-1} => moved successfully
C:\WINDOWS\System32\Tasks\AVAST Software => moved successfully
C:\Users\Caleb Walton\AppData\Local\Gameo => moved successfully
C:\ProgramData\52ef530c => moved successfully
C:\ProgramData\c8167b6f-5713-1 => moved successfully
C:\Users\Caleb Walton\AppData\Roaming\Gameo => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\Caleb Walton\AppData\Roaming\AVAST Software => moved successfully
C:\ProgramData\c8167b6f-6f75-1 => moved successfully
C:\ProgramData\c8167b6f-5673-0 => moved successfully
"C:\Users\Caleb Walton\AppData\Roaming\Fideha" => not found.
C:\Users\Caleb Walton\AppData\Roaming\Gohec => moved successfully
C:\Users\Caleb Walton\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Caleb Walton\AppData\Local\Temp\4srhlage.dll => moved successfully
C:\Users\Caleb Walton\AppData\Local\Temp\b5v0mney.dll => moved successfully
C:\Users\Caleb Walton\AppData\Local\Temp\cjzcztaa.dll => moved successfully
 
"C:\Users\Caleb Walton\AppData\Local\Temp" folder move:
 
Could not move "C:\Users\Caleb Walton\AppData\Local\Temp" => Scheduled to move on reboot.
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FC7AB7B-AD86-43A0-97C6-4A10F4B845A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FC7AB7B-AD86-43A0-97C6-4A10F4B845A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3494D88D-7506-4373-93FF-4DD6D746B812} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3494D88D-7506-4373-93FF-4DD6D746B812} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{386F7CE8-7A52-4CCD-988D-9A436BF12780} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{386F7CE8-7A52-4CCD-988D-9A436BF12780} => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B462D70-0D0F-43A4-9621-E15538BEC8F3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B462D70-0D0F-43A4-9621-E15538BEC8F3} => key removed successfully
C:\WINDOWS\System32\Tasks\gameo_update => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91904B9E-BDDC-4510-BAA2-D68B6FBFB0E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91904B9E-BDDC-4510-BAA2-D68B6FBFB0E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98253BB2-687C-4FA2-AA86-B69D9BA55568} => key not found. 
C:\WINDOWS\System32\Tasks\{7ADB3310-CD70-84BB-46B2-A03E382FB47B} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7ADB3310-CD70-84BB-46B2-A03E382FB47B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AA46B4-2F86-483B-949A-89C7371338F6} => key not found. 
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A757AB40-3C71-47C4-94D4-343A5D1E03B8} => key not found. 
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1938152-4FB9-4776-96FE-60890850BC91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1938152-4FB9-4776-96FE-60890850BC91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8B1E4F3-814C-4E44-A0A6-EE6BEB231244} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8B1E4F3-814C-4E44-A0A6-EE6BEB231244} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebUpdater LaunchTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A92F447E-B82E-4A88-B4C6-192B44B25203} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A92F447E-B82E-4A88-B4C6-192B44B25203} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F094F9DB-26B7-4911-8898-DC12C02B1E63} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F094F9DB-26B7-4911-8898-DC12C02B1E63} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebUpdater Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B55C14-0BEA-4EA2-A704-1B79E94C7B32} => key not found. 
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found. 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl" => not found.
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium => value removed successfully
HKU\S-1-5-21-2719923867-515553745-1764287371-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium => value not found.
 
========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Chromium" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Chromium" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30EEB142-5DB7-414B-B73A-7AF23CDA0FD6}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2972C2E2-878A-45C3-8D77-868D9877226E}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D5CAA15E-90C4-4C71-BDD2-1B61902B3835}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{943A3313-C8B1-4A2C-B198-DA5DBCC7A65B}C:\users\caleb walton\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{66A22BA7-2D84-4768-9DA2-5032AE17DA03}C:\users\caleb walton\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50636FC3-3981-4EE7-973A-272F1CE24182}C:\users\caleb walton\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {57736753-85EC-4BE5-A522-BB50324F2AB4}.
{FAF68187-A021-4D4D-86AD-3786708800F4} canceled.
{7D2A6775-BE74-4285-ABF5-521273BF3C2A} canceled.
{BEAFA35E-9083-4442-BC4B-E8AF6A38139B} canceled.
{9CC95671-55E6-4FC3-AA2D-CFF0A9CAEE0C} canceled.
{15046615-D110-4D34-8098-9FBFE12C6B59} canceled.
{F32523E4-A244-4FEB-8C8C-F1E30CFB5285} canceled.
{AE05CEC0-81BB-4608-B85F-EB629C6F9FE9} canceled.
Unable to cancel {19AE3497-8F41-448B-9CFC-D619F13DE483}.
{107B5E4D-96E0-4F15-A54D-ED1C9A15B80C} canceled.
{9EB3F9C3-AAC8-4D4C-A5CE-2228A30F2BD6} canceled.
{62DDD73A-39E6-4AF9-A46F-8D3A068A2D01} canceled.
{7BBC1D3A-6BC5-496B-8E00-B216D818C9CD} canceled.
{B57227C2-7CA1-42B9-B3E0-459C202A2893} canceled.
Unable to cancel {248DBCA0-7BF5-40CD-A6C6-A1C46E2BACBD}.
{23528A9F-993F-429A-A1B3-DBFAE1AE30D5} canceled.
{9F0F001A-81BB-4015-89BF-0A400A1B61FB} canceled.
{AE3B9220-4B16-4196-A7D8-FA66D5840E78} canceled.
{12503F09-D690-4312-B7F8-9B8D5BB0892C} canceled.
{7819776E-932C-443E-9D73-1C38969F5BDE} canceled.
17 out of 20 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10760778 B
Java, Flash, Steam htmlcache => 33010274 B
Windows/system/drivers => 1125129 B
Edge => 13449514 B
Chrome => 1045057 B
Firefox => 258314281 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 219036 B
systemprofile32 => 128 B
LocalService => 172098 B
NetworkService => 20964 B
Caleb Walton => 1381971365 B
 
RecycleBin => 2458 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-02-2017 20:14:05)
 
"C:\Users\Caleb Walton\AppData\Local\Temp" => Could not move
 
==== End of Fixlog 20:14:08 ====


#8 mwalton123
  • Topic Starter
  • Members

Posted 28 February 2017 - 08:49 PM

# AdwCleaner v6.043 - Logfile created 28/02/2017 at 20:36:17
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-28.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Caleb Walton - LAPTOP-ET8LVD7D
# Running from : C:\Users\Caleb Walton\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\186b9a68-74a3-0
[-] Folder deleted: C:\ProgramData\186b9a68-7551-1
[-] Folder deleted: C:\ProgramData\195b34c4-3eb5-0
[-] Folder deleted: C:\ProgramData\195b34c4-6f17-0
[-] Folder deleted: C:\ProgramData\c8167b6f-0597-1
[-] Folder deleted: C:\ProgramData\c8167b6f-14b7-0
[-] Folder deleted: C:\ProgramData\c8167b6f-1ad3-1
[-] Folder deleted: C:\ProgramData\c8167b6f-2a07-0
[-] Folder deleted: C:\ProgramData\c8167b6f-2a77-0
[-] Folder deleted: C:\ProgramData\c8167b6f-4257-1
[-] Folder deleted: C:\ProgramData\c8167b6f-5205-1
[-] Folder deleted: C:\ProgramData\c8167b6f-58c1-1
[-] Folder deleted: C:\ProgramData\c8167b6f-6221-0
[-] Folder deleted: C:\ProgramData\c8167b6f-64a1-0
[-] Folder deleted: C:\ProgramData\c8167b6f-7e11-0
[-] Folder deleted: C:\ProgramData\{01eb40b2-412c-0}
[-] Folder deleted: C:\ProgramData\{03fc9d4f-412c-1}
[-] Folder deleted: C:\ProgramData\{0ce9ec83-312c-0}
[-] Folder deleted: C:\ProgramData\{1ac77c88-112c-0}
[-] Folder deleted: C:\Users\Caleb Walton\AppData\Roaming\GoldenGate
[-] Folder deleted: C:\Users\Caleb Walton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
[-] Folder deleted: C:\Users\Caleb Walton\Documents\Startup Maximizer
[-] Folder deleted: C:\ProgramData\NetRadio
[#] Folder deleted on reboot: C:\ProgramData\Application Data\NetRadio
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetRadio
[-] Folder deleted: C:\Program Files (x86)\NetRadio
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Caleb Walton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: {7A790C47-0D05-7A0A-0911-7F040405117F}
[-] Task deleted: NetRadioUpdater
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\GoldenGate
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\WebBar
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Earth Networks
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\csastats
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\ICSW1.23
[-] Key deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\GoldenGate
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\WebBar
[#] Key deleted on reboot: HKCU\Software\Earth Networks
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\ICSW1.23
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\GoldenGate
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\WebBar
[#] Key deleted on reboot: [x64] HKCU\Software\Earth Networks
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.23
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0cf0b4b3-e0f9-457c-9494-5e15542fc55d} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{323af82d-5f7d-43e9-8d6b-e03d3b1861e2} [NameServer] 
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{df38721c-3bd4-4dd3-92b0-269eb7c402ff} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0cf0b4b3-e0f9-457c-9494-5e15542fc55d} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{323af82d-5f7d-43e9-8d6b-e03d3b1861e2} [NameServer] 
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{df38721c-3bd4-4dd3-92b0-269eb7c402ff} [NameServer] 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adnetworkperformance.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.adnetworkperformance.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adnetworkperformance.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.adnetworkperformance.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adnetworkperformance.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.adnetworkperformance.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adnetworkperformance.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.adnetworkperformance.com
[-] Value deleted: HKU\S-1-5-21-2719923867-515553745-1764287371-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Gameo]
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Value deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [winwb.exe]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1570 Bytes] - [30/12/2015 04:56:04]
C:\AdwCleaner\AdwCleaner[C2].txt - [9605 Bytes] - [28/02/2017 20:36:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [1400 Bytes] - [30/12/2015 04:51:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [9426 Bytes] - [28/02/2017 20:35:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [9824 Bytes] ##########


#9 mwalton123
  • Topic Starter
  • Members

Posted 28 February 2017 - 09:12 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64
Ran by Caleb Walton (Administrator) on Tue 02/28/2017 at 21:04:14.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0204771488252474mcinstcleanup (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/28/2017 at 21:09:13.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10 olgun52
  • Malware Response Team

Posted 01 March 2017 - 04:02 AM

Thanks for the Logs.

Please do this:

 

Step 1:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

Step 2:

RogueKiller scan:

  • Please download and run RogueKiller 32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#11 olgun52
  • Malware Response Team

Posted 04 March 2017 - 02:16 PM

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 
#12 olgun52
  • Malware Response Team

Posted 08 March 2017 - 04:59 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 