
WIFI & Mouse Freq/Randomly Turns off Simultaneously



#1 Dack


Posted 25 May 2017 - 01:54 PM

Attached File: Addition.txt (33.93KB)

WIFI & Mouse Pad Frequently and Randomly (about every 10-15 minutes) Turn off Simultaneously and I have to restart Laptop at least 2 times to get them to turn back on. I have made sure that Windows cannot turn off WIFI to preserve energy. I have run McAfee, disabled startup programs and "Cleaned" my Windows 10 from unwanted files/programs/deleted items. The problem persists. Thank you for your help.

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by Sue (administrator) on DESKTOP-9H42Q64 (25-05-2017 11:33:41)
Running from C:\Users\Sue\Downloads
Loaded Profiles: Sue (Available Profiles: Sue)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2017-04-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_73\bin\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKU\S-1-5-21-2767626095-461136230-805320126-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-2767626095-461136230-805320126-1001\...\Run: [Chromium] => c:\users\sue\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7f436910-af6d-46b8-a21c-8591d0c4858c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97c00a4b-2201-41d7-9573-a14bc80e24b7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vit_17_16&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0AtCtDtD0AyBzytBtD0BtN0D0Tzu0StCzytAyCtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StBzzyDzy0AtBtDyBtGtCyByDzytG0AyEtDyCtGtAyByD0BtG0DtAtCzzyE0EyC0CtDtAyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyByD0C0CyE0BtGyDtAtByBtGyEtAzy0EtGzz0C0AyEtG0E0C0BzyyEzzyDzy0ByCzzzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtDyE%26cr%3D1853106207%26a%3Dwbf_vit_17_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vit_17_16&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0AtCtDtD0AyBzytBtD0BtN0D0Tzu0StCzytAyCtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StBzzyDzy0AtBtDyBtGtCyByDzytG0AyEtDyCtGtAyByD0BtG0DtAtCzzyE0EyC0CtDtAyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyByD0C0CyE0BtGyDtAtByBtGyEtAzy0EtGzz0C0AyEtG0E0C0BzyyEzzyDzy0ByCzzzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtDyE%26cr%3D1853106207%26a%3Dwbf_vit_17_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2767626095-461136230-805320126-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2767626095-461136230-805320126-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vit_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0AtCtDtD0AyBzytBtD0BtN0D0Tzu0StCzytAyCtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StBzzyDzy0AtBtDyBtGtCyByDzytG0AyEtDyCtGtAyByD0BtG0DtAtCzzyE0EyC0CtDtAyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyByD0C0CyE0BtGyDtAtByBtGyEtAzy0EtGzz0C0AyEtG0E0C0BzyyEzzyDzy0ByCzzzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtDyE%26cr%3D1853106207%26a%3Dwbf_vit_17_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vit_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0AtCtDtD0AyBzytBtD0BtN0D0Tzu0StCzytAyCtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StBzzyDzy0AtBtDyBtGtCyByDzytG0AyEtDyCtGtAyByD0BtG0DtAtCzzyE0EyC0CtDtAyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyByD0C0CyE0BtGyDtAtByBtGyEtAzy0EtGzz0C0AyEtG0E0C0BzyyEzzyDzy0ByCzzzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtDyE%26cr%3D1853106207%26a%3Dwbf_vit_17_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vit_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0AtCtDtD0AyBzytBtD0BtN0D0Tzu0StCzytAyCtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StBzzyDzy0AtBtDyBtGtCyByDzytG0AyEtDyCtGtAyByD0BtG0DtAtCzzyE0EyC0CtDtAyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyByD0C0CyE0BtGyDtAtByBtGyEtAzy0EtGzz0C0AyEtG0E0C0BzyyEzzyDzy0ByCzzzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtDyE%26cr%3D1853106207%26a%3Dwbf_vit_17_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vit_17_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0AtCtDtD0AyBzytBtD0BtN0D0Tzu0StCzytAyCtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StBzzyDzy0AtBtDyBtGtCyByDzytG0AyEtDyCtGtAyByD0BtG0DtAtCzzyE0EyC0CtDtAyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyByD0C0CyE0BtGyDtAtByBtGyEtAzy0EtGzz0C0AyEtG0E0C0BzyyEzzyDzy0ByCzzzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByBtDyE%26cr%3D1853106207%26a%3Dwbf_vit_17_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {745050FD-2AE3-44AC-92E3-4BB9628520B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2767626095-461136230-805320126-1001 -> {745050FD-2AE3-44AC-92E3-4BB9628520B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2017-02-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-28] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/mb185?a=6OyWutiF7e&i=26","hxxp://mysearch.avg.com/?cid={F223577C-364E-427E-BC2D-3AE06F3A114C}&mid=3e3bbbdf842c4fadbeaec2f298e48e4c-ca9a42e1d109ca32ee480e2c56d2bfb842e31225&lang=en&ds=AVG&pr=fr&d=2013-05-24 13:19:31&v=15.2.0.8&pid=safeguard&sg=0&sap=hp","hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=45718a4d-3748-7fb4-4a21-a603e9621779&searchtype=hp&installDate=24/08/2013","hxxp://mystart.incredibar.com/?a=6Ozf7qgvlc&loc=skw","hxxp://speedial.com/?f=1&a=spd_dsites03_14_25_ff&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyE0F0EtDtDzyyEtCtAyCtN0D0Tzu0SzytDtDtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyB0FzytB0C0AzztGyCtDyDzytGyD0AtDtCtGyBzytDtCtGyByEtAyCzzyE0EyCzztCzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtA0EyDyEzytCtG0DyE0CyDtG0CtA0DyDtGtCyCyCzztGtA0CyCtAyEyE0B0FtDyC0CyC2Q&cr=2076530427&ir=","hxxp://www.istart123.com/?type=hp&ts=1406347937&from=irs&uid=HitachiXHTS545050B9A300_110427PBN475P7CXMPDEX","hxxp://binkiland.com/?f=7&a=bnk_ggfc_15_12&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyE0F0EtDtDzyyEtCtAyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StCtAtAtAyDyE0CtCtGtCtAzztDtGtB0FtA0AtG0FtC0B0BtGtC0E0D0E0DtD0ByByB0FyCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyDzzzyyC0F0AtGyEyE0DtDtGyEtDyEyDtGzy0CtA0BtG0DtBtDtB0A0C0ByEzztDyC0A2Q&cr=586201660&ir="
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default [2017-05-25]
CHR Extension: (Google Slides) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
CHR Extension: (Google Docs) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-26]
CHR Extension: (Google Drive) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Google Sheets) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Pinterest Save Button) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-21]
CHR Extension: (Google Voice (by Google)) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-02-12]
CHR Extension: (Email This!) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2016-02-12]
CHR Extension: (Search Manager) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\System Profile [2016-02-13]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2767626095-461136230-805320126-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-08-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2017-04-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-04-14] (Realtek                                            )
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [418784 2017-04-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6561280 2016-12-29] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-01-26] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 11:23 - 2017-05-25 11:28 - 00035010 _____ C:\Users\Sue\Downloads\Addition.txt
2017-05-25 11:18 - 2017-05-25 11:33 - 00022748 _____ C:\Users\Sue\Downloads\FRST.txt
2017-05-25 11:17 - 2017-05-25 11:33 - 00000000 ____D C:\FRST
2017-05-25 11:17 - 2017-05-25 11:17 - 02429952 _____ (Farbar) C:\Users\Sue\Downloads\FRST64.exe
2017-05-25 10:58 - 2017-05-25 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-05-19 13:09 - 2017-05-19 13:09 - 00000000 ____D C:\WINDOWS\Panther
2017-05-19 01:18 - 2017-05-19 01:18 - 01496584 _____ C:\Users\Sue\Downloads\avg-antivirus-free-64-bit.exe
2017-05-19 01:10 - 2017-05-19 01:10 - 00029140 _____ C:\ProgramData\agent.1495181450.bdinstall.bin
2017-05-19 01:09 - 2017-05-19 01:09 - 00000000 ____D C:\Users\Sue\AppData\Local\AvgSetupLog
2017-05-19 01:09 - 2017-05-19 01:09 - 00000000 ____D C:\Users\Sue\AppData\Local\Avg
2017-05-19 01:09 - 2017-05-19 01:09 - 00000000 ____D C:\ProgramData\Avg
2017-05-19 01:05 - 2017-05-19 01:06 - 01496584 _____ C:\Users\Sue\Downloads\download-avg-antivirus-free-32-bit.exe
2017-05-19 00:56 - 2017-05-19 00:56 - 00000000 ____D C:\Users\Sue\AppData\Roaming\QuickScan
2017-05-19 00:54 - 2017-05-19 00:54 - 00047737 _____ C:\ProgramData\agent.1495180476.bdinstall.bin
2017-05-19 00:54 - 2017-05-19 00:54 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-05-19 00:36 - 2017-05-19 00:36 - 00080011 _____ C:\Users\Sue\Downloads\produkey-x64.zip
2017-05-17 12:11 - 2017-05-17 12:11 - 00000000 ____D C:\Users\Sue\Desktop\Gannon Vile Recordings
2017-05-17 12:08 - 2017-05-17 12:09 - 00000000 ____D C:\Users\Sue\Desktop\pixs
2017-05-10 08:25 - 2017-05-10 08:25 - 00046682 _____ C:\Users\Sue\Downloads\wushowhide.diagcab
2017-05-09 11:23 - 2017-05-09 11:23 - 00000000 ____D C:\Users\Sue\AppData\Local\UNP
2017-05-09 11:15 - 2017-05-19 01:16 - 00000000 ____D C:\Program Files\UNP
2017-05-06 22:24 - 2017-05-06 22:24 - 62308530 _____ C:\Users\Sue\Downloads\Help Is On The Way.zip
2017-05-06 16:43 - 2017-05-06 16:44 - 00000000 ____D C:\Users\Sue\Desktop\Sues Karaoke Recordings
2017-05-03 15:17 - 2017-05-03 15:17 - 00000000 ____D C:\Users\Sue\Desktop\Karaoke
2017-04-28 12:10 - 2017-04-26 18:42 - 03245201 _____ C:\Users\Sue\Desktop\Hopelessly.m4a
2017-04-26 14:40 - 2017-04-26 14:40 - 05098839 _____ C:\Users\Sue\Downloads\Patsy Cline   Imagine That karaoke [karaoke].mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 11:10 - 2016-09-25 16:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-25 11:02 - 2015-07-15 23:09 - 02861692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-25 10:58 - 2016-01-26 22:04 - 00000000 ____D C:\Users\Sue\Documents\YouCam
2017-05-25 10:55 - 2016-09-25 16:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-25 10:55 - 2016-09-25 16:32 - 00000000 ____D C:\Users\Sue
2017-05-25 10:55 - 2016-01-26 22:02 - 00000000 __SHD C:\Users\Sue\IntelGraphicsProfiles
2017-05-25 10:54 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-25 08:12 - 2017-02-07 01:36 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4C44A726-A425-4454-BC60-8E877D38CA07}
2017-05-24 22:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-24 22:17 - 2016-03-09 23:20 - 00000000 ____D C:\Users\Sue\AppData\Local\ElevatedDiagnostics
2017-05-22 16:52 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-21 21:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-21 13:25 - 2017-04-12 21:16 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSue.job
2017-05-21 12:23 - 2017-04-12 21:16 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSue
2017-05-20 14:41 - 2016-01-26 23:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-05-20 11:06 - 2016-09-25 16:55 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-05-20 11:06 - 2016-09-25 16:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-05-19 13:11 - 2016-07-15 23:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-05-19 01:12 - 2016-05-15 12:21 - 00000000 ____D C:\Users\Sue\AppData\Roaming\SecondLife
2017-05-19 00:07 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\registration
2017-05-16 08:28 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-11 20:58 - 2016-01-26 22:16 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 20:58 - 2016-01-26 22:16 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-10 08:41 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 07:31 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-10 00:13 - 2017-04-15 19:06 - 00000000 ____D C:\$WINDOWS.~BT
2017-05-09 11:15 - 2016-01-27 10:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-09 11:10 - 2016-01-27 10:19 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-06 18:12 - 2017-01-05 18:13 - 00000000 ____D C:\Users\Sue\Documents\Sound recordings
2017-05-05 21:44 - 2016-09-25 16:55 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 14:55 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-03 14:45 - 2017-03-09 12:44 - 00000000 ____D C:\Users\Sue\Desktop\Beanies
2017-04-28 17:59 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-28 17:59 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 19:09 - 2016-09-25 16:55 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 19:09 - 2016-09-25 16:55 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2017-05-19 00:54 - 2017-05-19 00:54 - 0047737 _____ () C:\ProgramData\agent.1495180476.bdinstall.bin
2017-05-19 01:10 - 2017-05-19 01:10 - 0029140 _____ () C:\ProgramData\agent.1495181450.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-17 12:40
 
==================== End of FRST.txt ============================

Edited by Dack, 26 May 2017 - 01:05 AM.



 


#2 HelpBot


Posted 30 May 2017 - 01:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647635 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Dack

Posted 31 May 2017 - 12:30 AM

Attached File  Addition.txt   33.93KB   0 downloads

 

I still need help.
I've done nothing to try to correct the original problem listed because I have no idea what I CAN do.

Still having the same as the original problem posted, above.

I do not have the original Windows CD as the program is in the recovery drive, which may also be infected.  I did not back up my computer when I received it, as I was informed I should have done.

 



#4 HelpBot

Posted 04 June 2017 - 01:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



