Windows Update Malfunctioning


This topic is locked. 8 replies to this topic.

#1 Veo8888 (Members, 19 posts)

Posted 17 May 2017 - 03:27 PM

This is an old Windows 7 (64-bit) computer.  It is running a little slow and more importantly Windows Update has stopped updating.  The last update is from about a year ago.  Also, Windows Defender will not update.  Please help when you can.  Here is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Vishnukumar (administrator) on VISHNUKUMAR-HP (17-05-2017 12:52:44)
Running from C:\Users\Vishnukumar\Downloads
Loaded Profiles: Vishnukumar (Available Profiles: Vishnukumar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfupd.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-04-28] (Webroot)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-03-25] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4266382826-891097939-850599153-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-31] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2017-04-28] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2017-04-28] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2017-04-28] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2017-04-28] (Webroot)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-04-28]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-04-28]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2017-03-25]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2017-03-25]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2017-03-25]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-25]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 54.225.95.126 gcbkfpidjhchgnokamccdemjfamackdh
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{91BBA980-C5BC-464E-934F-5BF9AA58AC83}: [DhcpNameServer] 192.168.1.254
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {5BCA750C-F662-4391-ABD3-F67EE75EF1A1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {5BCA750C-F662-4391-ABD3-F67EE75EF1A1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {7AE24A70-03A7-43AA-B03D-69C2AE711106} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {A9E5773D-0562-4329-802C-209E903B9F0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {5BCA750C-F662-4391-ABD3-F67EE75EF1A1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {5BCA750C-F662-4391-ABD3-F67EE75EF1A1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7AE24A70-03A7-43AA-B03D-69C2AE711106} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {A9E5773D-0562-4329-802C-209E903B9F0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {5BCA750C-F662-4391-ABD3-F67EE75EF1A1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {7AE24A70-03A7-43AA-B03D-69C2AE711106} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {A9E5773D-0562-4329-802C-209E903B9F0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-04-28] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-04-28] (Webroot)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-04-28] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-04-28] (Webroot)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-04-28] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-04-28] (Webroot)
Toolbar: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Vishnukumar\AppData\Roaming\Mozilla\Firefox\Profiles\ct6rxdae.default-1463375202218 [2017-05-15]
FF Homepage: Mozilla\Firefox\Profiles\ct6rxdae.default-1463375202218 -> www.google.com/
FF Extension: (Webroot Password Manager) - C:\Users\Vishnukumar\AppData\Roaming\Mozilla\Firefox\Profiles\ct6rxdae.default-1463375202218\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2017-04-28]
FF Extension: (Bitdefender QuickScan) - C:\Users\Vishnukumar\AppData\Roaming\Mozilla\Firefox\Profiles\ct6rxdae.default-1463375202218\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-03-25]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-04-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKU\.DEFAULT\...\Firefox\Extensions: [{65C7BE97-487C-40CA-59AD-274BB9F3FB6E}] - C:\Program Files (x86)\Select-N-Go-soft\158.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4266382826-891097939-850599153-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=02E02322CC26650A201B75534D968413
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default [2017-05-17]
CHR Extension: (Google Search) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
CHR Extension: (AdBlock) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-17]
CHR Extension: (Webroot Password Manager) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Webroot Password Manager) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-07-09]
CHR Extension: (Gmail) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2017-04-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-14] (RealNetworks, Inc.)
S2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-14] (RealNetworks, Inc.)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-04-28] (Webroot)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{3FF64EC6-36C9-4363-9141-2583B7B9847B}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [139088 2017-05-17] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2017-04-28] (Webroot)
S3 NPF; system32\drivers\NPF.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 V2iMount; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-17 12:52 - 2017-05-17 12:53 - 00029941 _____ C:\Users\Vishnukumar\Downloads\FRST.txt
2017-05-17 12:49 - 2017-05-17 12:52 - 00000000 ____D C:\FRST
2017-05-17 12:48 - 2017-05-17 12:49 - 02429952 _____ (Farbar) C:\Users\Vishnukumar\Downloads\FRST64.exe
2017-04-28 10:36 - 2017-04-28 10:36 - 00066328 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2017-04-28 10:35 - 2017-05-17 09:17 - 00139088 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2017-04-28 10:35 - 2017-04-28 10:35 - 00193072 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-04-28 10:35 - 2017-04-28 10:35 - 00126696 _____ (Webroot) C:\Windows\system32\WRusr.dll
2017-04-28 10:35 - 2017-04-28 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-04-28 10:35 - 2017-04-28 10:35 - 00000000 ____D C:\Program Files\Webroot
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-17 12:53 - 2009-07-13 21:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-17 12:53 - 2009-07-13 21:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-17 11:49 - 2017-03-25 18:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-17 11:01 - 2014-04-25 17:59 - 00000000 ____D C:\ProgramData\WRData
2017-05-17 09:17 - 2014-03-17 20:24 - 00001680 _____ C:\Windows\Tasks\Information-updater.job
2017-05-17 09:17 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-16 20:16 - 2014-02-11 13:48 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVishnukumar
2017-05-16 20:16 - 2014-02-11 13:48 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForVishnukumar.job
2017-05-15 22:21 - 2016-11-19 12:51 - 00000000 ____D C:\Users\Vishnukumar\AppData\LocalLow\Mozilla
2017-05-11 22:09 - 2017-03-25 16:11 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 22:09 - 2017-03-25 16:11 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 11:59 - 2014-08-19 21:04 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 11:59 - 2014-08-19 21:04 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-11 11:59 - 2014-08-19 21:04 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-11 11:59 - 2014-01-06 09:52 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-11 11:59 - 2010-10-11 23:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-08 07:16 - 2016-12-02 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-08 07:16 - 2014-10-08 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 17:07 - 2016-02-08 19:27 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 13:22 - 2009-07-13 22:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-28 10:37 - 2015-12-10 09:33 - 00000000 ____D C:\Users\Vishnukumar\AppData\Local\lptmp
2017-04-28 07:59 - 2017-03-25 16:09 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 07:59 - 2017-03-25 16:09 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-12-10 09:33 - 2017-04-28 10:38 - 18102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-05-24 13:26 - 2016-12-19 19:46 - 0000115 _____ () C:\Users\Vishnukumar\AppData\Roaming\LogFile.txt
2014-03-22 16:53 - 2014-03-22 16:53 - 0033193 _____ () C:\Users\Vishnukumar\AppData\Roaming\UserTile.png
2017-03-25 18:06 - 2017-03-25 18:06 - 0857090 _____ () C:\Users\Vishnukumar\AppData\Local\ars.cache
2017-03-25 18:07 - 2017-03-25 18:07 - 0697664 _____ () C:\Users\Vishnukumar\AppData\Local\census.cache
2017-03-25 17:50 - 2017-03-25 17:50 - 0000036 _____ () C:\Users\Vishnukumar\AppData\Local\housecall.guid.cache
2017-03-25 18:00 - 2017-03-25 18:00 - 0000010 _____ () C:\Users\Vishnukumar\AppData\Local\sponge.last.runtime.cache
2017-03-25 11:29 - 2017-03-25 11:29 - 0047044 _____ () C:\ProgramData\agent.1490466543.bdinstall.bin
2017-03-25 15:26 - 2017-03-25 15:26 - 0029150 _____ () C:\ProgramData\agent.1490480818.bdinstall.bin
2017-03-25 16:27 - 2017-03-25 16:27 - 0046744 _____ () C:\ProgramData\agent.1490484428.bdinstall.bin
2017-03-25 18:08 - 2017-03-25 18:08 - 0029152 _____ () C:\ProgramData\agent.1490490515.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-28 12:55
 
==================== End of FRST.txt ============================
Attached File: Addition_17-05-2017 12.55.38.txt (32.18KB)



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 AM

Posted 18 May 2017 - 10:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's start by cleaning these entries.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Hosts: 54.225.95.126 gcbkfpidjhchgnokamccdemjfamackdh
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {A9E5773D-0562-4329-802C-209E903B9F0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\.DEFAULT\...\Firefox\Extensions: [{65C7BE97-487C-40CA-59AD-274BB9F3FB6E}] - C:\Program Files (x86)\Select-N-Go-soft\158.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=02E02322CC26650A201B75534D968413
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
S3 NPF; system32\drivers\NPF.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 V2iMount; no ImagePath
Task: {59A35633-31F0-4BF4-9CFF-DCCFA1BE8DF4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe  <==== ATTENTION
Task: {8DCA1734-A6F1-4E39-8099-70DED9E47740} - System32\Tasks\Information-updater => C:\Program Files (x86)\Information\Information-updater.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Information-updater.job => C:\Program Files (x86)\Information\Information-updater.exe ?/runupdater /agentregpath='Information' /appid=50368 /srcid='000972' /subid='verticals-intext,pops,ads,shopping*bundledwith-50onred_v=ads,intext,pops,shopping' /zdata='0' /bic=61D6EE59927C4F48833088CCEEF211D9IE /verifier=dd53c5008f27e152706e7f80aa1ca691 /installerversion=1_34_2_13 /installationtime=1395113056 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxx... (long line)
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [238]
AlternateDataStreams: C:\ProgramData\Temp:D287FACF [102]
AlternateDataStreams: C:\ProgramData\Temp:D3A96964 [120]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
FirewallRules: [{B1CCEC13-225D-4935-97AF-0C2116C04285}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{3A15021A-A43B-4B41-8842-C3C34A712503}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Information

Hosts:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
====

Let's check the Windows Update service.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===

Please post the logs and let me know what problem persists with this computer.

#3 Veo8888

Veo8888
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:19 PM

Posted 18 May 2017 - 01:47 PM

Dear Nasdaq,

 

Thank you so very much for helping me.  I am currently working through your instructions.  It may take me a few hours.  Sorry for being slow.  Thanks again for your help and patience; I truly appreciate it.

 

-Veo



#4 Veo8888

Veo8888
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:19 PM

Posted 18 May 2017 - 03:19 PM

Dear Nasdaq,

 

I ran into a little problem with Farbar's Service Scanner utility.  The computer's anti-virus (WEBROOT) says FSS.exe has a trojan and will not let me download it.  Should I turn off WEBROOT and download FSS.exe anyway?  Thanks again for your help and patience.

 

 

-Veo



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 AM

Posted 19 May 2017 - 07:03 AM


The computer's anti-virus (WEBROOT) says FSS.exe has a trojan and will not let me download it. Should I turn off WEBROOT and download FSS.exe anyway?


The file was probably quarantined by Webroot.

Restore it as suggested on this page.

https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Managing-Quarantined-Items/ta-p/55120


You should now be able to run it.

#6 Veo8888

Veo8888
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:19 PM

Posted 19 May 2017 - 10:12 AM

Dear Nasdaq,
Once again, thank you for your help and patience.  I have gone through the instructions in your post.  The computer in question seems to be running faster and smoother, as do its browsers.  Unfortunately, Windows Update still will not update.  Also, Windows Defender will not update.  Below are the logs you wanted.
 
FIXLOG:
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Vishnukumar (18-05-2017 11:23:45) Run:1
Running from C:\Users\Vishnukumar\Downloads
Loaded Profiles: Vishnukumar (Available Profiles: Vishnukumar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Hosts: 54.225.95.126 gcbkfpidjhchgnokamccdemjfamackdh
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {A9E5773D-0562-4329-802C-209E903B9F0E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> {D1DC1301-CA33-414C-A32E-682AC7B237AF} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-4266382826-891097939-850599153-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\.DEFAULT\...\Firefox\Extensions: [{65C7BE97-487C-40CA-59AD-274BB9F3FB6E}] - C:\Program Files (x86)\Select-N-Go-soft\158.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-15&ent=hp&u=02E02322CC26650A201B75534D968413
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
S3 NPF; system32\drivers\NPF.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 V2iMount; no ImagePath
Task: {59A35633-31F0-4BF4-9CFF-DCCFA1BE8DF4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe  <==== ATTENTION
Task: {8DCA1734-A6F1-4E39-8099-70DED9E47740} - System32\Tasks\Information-updater => C:\Program Files (x86)\Information\Information-updater.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Information-updater.job => C:\Program Files (x86)\Information\Information-updater.exe ?/runupdater /agentregpath='Information' /appid=50368 /srcid='000972' /subid='verticals-intext,pops,ads,shopping*bundledwith-50onred_v=ads,intext,pops,shopping' /zdata='0' /bic=61D6EE59927C4F48833088CCEEF211D9IE /verifier=dd53c5008f27e152706e7f80aa1ca691 /installerversion=1_34_2_13 /installationtime=1395113056 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxx... (long line)
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [238]
AlternateDataStreams: C:\ProgramData\Temp:D287FACF [102]
AlternateDataStreams: C:\ProgramData\Temp:D3A96964 [120]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
FirewallRules: [{B1CCEC13-225D-4935-97AF-0C2116C04285}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{3A15021A-A43B-4B41-8842-C3C34A712503}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Information
 
Hosts:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1DC1301-CA33-414C-A32E-682AC7B237AF} => key removed successfully
HKCR\CLSID\{D1DC1301-CA33-414C-A32E-682AC7B237AF} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D1DC1301-CA33-414C-A32E-682AC7B237AF} => key removed successfully
HKCR\Wow6432Node\CLSID\{D1DC1301-CA33-414C-A32E-682AC7B237AF} => key not found. 
HKU\S-1-5-21-4266382826-891097939-850599153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4266382826-891097939-850599153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} => key removed successfully
HKCR\CLSID\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} => key not found. 
HKU\S-1-5-21-4266382826-891097939-850599153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9E5773D-0562-4329-802C-209E903B9F0E} => key removed successfully
HKCR\CLSID\{A9E5773D-0562-4329-802C-209E903B9F0E} => key not found. 
HKU\S-1-5-21-4266382826-891097939-850599153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKU\S-1-5-21-4266382826-891097939-850599153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1DC1301-CA33-414C-A32E-682AC7B237AF} => key removed successfully
HKCR\CLSID\{D1DC1301-CA33-414C-A32E-682AC7B237AF} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{65C7BE97-487C-40CA-59AD-274BB9F3FB6E} => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Vishnukumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\NPF => key removed successfully
NPF => service removed successfully
HKLM\System\CurrentControlSet\Services\SR => key removed successfully
SR => service removed successfully
HKLM\System\CurrentControlSet\Services\srservice => key removed successfully
srservice => service removed successfully
HKLM\System\CurrentControlSet\Services\V2iMount => key removed successfully
V2iMount => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59A35633-31F0-4BF4-9CFF-DCCFA1BE8DF4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59A35633-31F0-4BF4-9CFF-DCCFA1BE8DF4} => key removed successfully
C:\Windows\System32\Tasks\LaunchApp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DCA1734-A6F1-4E39-8099-70DED9E47740} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DCA1734-A6F1-4E39-8099-70DED9E47740} => key removed successfully
C:\Windows\System32\Tasks\Information-updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Information-updater => key removed successfully
C:\Windows\Tasks\Information-updater.job => moved successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":D287FACF" ADS removed successfully.
C:\ProgramData\Temp => ":D3A96964" ADS removed successfully.
HKU\.DEFAULT\Software\Classes\exefile => key removed successfully
HKU\.DEFAULT\Software\Classes\.exe => key removed successfully
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Classes\exefile => key removed successfully
HKU\S-1-5-21-4266382826-891097939-850599153-1000\Software\Classes\.exe => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1CCEC13-225D-4935-97AF-0C2116C04285} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A15021A-A43B-4B41-8842-C3C34A712503} => value removed successfully
"C:\Program Files (x86)\MyPC Backup" => not found.
"C:\Program Files (x86)\Information" => not found.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8980197 B
Java, Flash, Steam htmlcache => 100525 B
Windows/system/drivers => 893650805 B
Edge => 0 B
Chrome => 415841302 B
Firefox => 390191670 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 80653582 B
systemprofile32 => 40832259 B
LocalService => 66228 B
NetworkService => 107452 B
Vishnukumar => 36755832 B
 
RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-05-2017 11:32:17)
 
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 11:32:17 ====
 
 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Vishnukumar (Administrator) on Thu 05/18/2017 at 12:52:15.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 24 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\apn (Folder) 
Successfully deleted: C:\ProgramData\myturbopc.com (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\ebay.lnk (Shortcut) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\pc fix speed (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\pc tech hotline (Folder) 
Successfully deleted: C:\ProgramData\updater (Folder) 
Successfully deleted: C:\Users\Vishnukumar\AppData\Local\emaze (Folder) 
Successfully deleted: C:\Users\Vishnukumar\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\Vishnukumar\Appdata\LocalLow\IminentToolbar (Folder) 
Successfully deleted: C:\Users\Vishnukumar\AppData\Roaming\Mozilla\Firefox\Profiles\ct6rxdae.default-1463375202218\Invalidprefs.js (File) 
Successfully deleted: C:\Users\Vishnukumar\AppData\Roaming\myturbopc.com (Folder) 
Successfully deleted: C:\Users\Vishnukumar\AppData\Roaming\performersoft (Folder) 
Successfully deleted: C:\Users\Vishnukumar\Start Menu\Programs\weather alerts (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Select-N-Go_wd (Task)
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\bench (Folder) 
Successfully deleted: C:\Program Files (x86)\Common Files\umbrella (Folder) 
Successfully deleted: C:\Program Files (x86)\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\pcfixspeed (Folder) 
Successfully deleted: C:\Program Files (x86)\tidynetwork (Folder) 
Successfully deleted: C:\Program Files (x86)\ytdownloader (Folder) 
Successfully deleted: C:\Program Files\conduit (Folder) 
Successfully deleted: C:\Program Files\reimage (Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SPROTECTION (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\UPDATESERVICETOOL (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/18/2017 at 12:57:43.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
FSS:
Farbar Service Scanner Version: 27-01-2016
Ran by Vishnukumar (administrator) on 19-05-2017 at 07:55:58
Running from "C:\Users\Vishnukumar\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
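The FSS output above shows the pattern that matters for a Windows Update failure: for each service in the update chain, FSS checks that the service key exists, then the start type, the ImagePath and the ServiceDll, and finally whether the files on disk are signed. Here the winmgmt (WMI) key is absent entirely, so FSS cannot read any of its configuration. The PowerShell script below is an added example, not part of this thread and not Farbar's code; it performs the same read-only checks for the standard Windows service names behind the FSS sections shown (wuauserv, BITS, CryptSvc, EventSystem, winmgmt, wscsvc, WinDefend) and prints an ATTENTION line for anything it cannot resolve. Nothing beyond those standard names and registry locations is assumed.

```powershell
# Added example (not from the thread, not part of Farbar's Service Scanner):
# read-only audit of the services Windows Update depends on, mirroring the
# checks FSS prints: service key present, start type, ImagePath, ServiceDll,
# files present on disk, running state. Run from an elevated PowerShell prompt.

$ServiceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Standard Windows service names behind the FSS sections shown above
# (Windows Update, Action Center, Windows Defender, Other Services).
$Services = 'wuauserv', 'BITS', 'CryptSvc', 'EventSystem', 'winmgmt', 'wscsvc', 'WinDefend'

$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-BinaryPath {
    # Expand %SystemRoot%-style variables and strip svchost's "-k group" argument.
    param([string]$Raw)
    $expanded = [Environment]::ExpandEnvironmentVariables($Raw)
    return ($expanded -split '\s+-k\s+')[0].Trim().Trim('"')
}

function Test-UpdateServiceConfig {
    param([string]$Name)
    $key = Join-Path $ServiceRoot $Name
    $report = [ordered]@{
        Service = $Name; KeyExists = $false; StartType = $null; Status = $null
        ImagePath = $null; ServiceDll = $null; DllSignature = $null; Findings = @()
    }

    if (-not (Test-Path $key)) {
        # The winmgmt condition in the FSS log above: no key at all, so the
        # service cannot start and FSS cannot even read its start type.
        $report.Findings += 'service registry key does not exist'
        return [pscustomobject]$report
    }
    $report.KeyExists = $true

    $props = Get-ItemProperty -Path $key
    if ($null -ne $props.Start) {
        $report.StartType = $StartTypes[[int]$props.Start]
        if ([int]$props.Start -eq 4) { $report.Findings += 'start type is Disabled' }
    } else {
        $report.Findings += 'Start value is missing'
    }

    $exe = $null
    if ($props.ImagePath) {
        $exe = Resolve-BinaryPath $props.ImagePath
        $report.ImagePath = $exe
        if (-not (Test-Path $exe)) { $report.Findings += "ImagePath not found on disk: $exe" }
    } else {
        $report.Findings += 'ImagePath value is missing'
    }

    # svchost-hosted services keep their real code in Parameters\ServiceDll.
    $params = Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) {
        $dll = Resolve-BinaryPath $params.ServiceDll
        $report.ServiceDll = $dll
        if (Test-Path $dll) {
            # Reported, not flagged: on Windows 7 most system DLLs are catalog-signed
            # and older PowerShell reports them as NotSigned; use sigcheck or sfc there.
            $report.DllSignature = (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            $report.Findings += "ServiceDll not found on disk: $dll"
        }
    } elseif ($exe -and $exe -like '*\svchost.exe') {
        $report.Findings += 'svchost-hosted service has no ServiceDll value'
    }

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $report.Status = [string]$svc.Status }

    return [pscustomobject]$report
}

$results = foreach ($name in $Services) { Test-UpdateServiceConfig -Name $name }
$results | Format-Table Service, KeyExists, StartType, Status, DllSignature -AutoSize
foreach ($r in $results | Where-Object { $_.Findings.Count -gt 0 }) {
    Write-Output ("ATTENTION {0}: {1}" -f $r.Service, ($r.Findings -join '; '))
}
```

On a machine in the state shown in the FSS log, the script reports winmgmt with KeyExists false and an ATTENTION line for the missing key, and wscsvc as configured but Stopped. The script only reads; repairing a missing service key is what the Windows Repair steps in the next post are for.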


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 AM

Posted 20 May 2017 - 07:37 AM

Let's repair/reset some important Windows Services.

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================


#8 Veo8888

Veo8888
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:19 PM

Posted 21 May 2017 - 11:26 AM

Dear Nasdaq,

 

Wow and phew!  Thank you so very much for all your help and patience.  The computer in question is now running much faster and smoother.  More importantly, both Windows Update and Windows Defender have updated and are running smoothly.

 

I just have one last question, please answer it at your leisure.  Currently the computer in question (a Windows 7 64-bit) is using WEBROOT.  Could you recommend a better anti-virus/anti-malware program or programs?  I am trying to decide between Kaspersky and Bitdefender.  Thanks in advance.

 

Once again, thank you so very much for all your help and patience.  You and Aura (who helped me a year or two ago) are doing angelic work!  Thanks again!

 

 

-Veo



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:19 AM

Posted 22 May 2017 - 07:36 AM



Could you recommend a better anti-virus/anti-malware program or programs? I am trying to decide between Kaspersky and Bitdefender.

Both of these programs are good. The principle is to keep them up to date.

You should review these recommendations.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



