Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google chrome keep opening new window


  • This topic is locked This topic is locked
2 replies to this topic

#1 BHeart

BHeart

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:32 PM

Posted 28 July 2017 - 10:04 PM

Hi,

 

from last couple of months, I a having issues with my system. web browser windows pop us by it self and if I try to click on a link it opens a different window. overall system takes longer time to execute a task. I haven't run an anti virus, so not sure whether it is due to some virus or otherwise.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017

Ran by Kashif (administrator) on VIRUS (28-07-2017 20:49:50)
Running from C:\Users\Kashif\Desktop
Loaded Profiles: Kashif (Available Profiles: Kashif)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(© 2015 Microsoft Corporation) C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Brother\BPRSP\resources\BrSupSsp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\...\Run: [BingSvc] => C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\...\Run: [GoogleChromeAutoLaunch_4A8D2AB2CC5EC55BB7C1AD8297354C7B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1027928 2017-06-22] (Google Inc.)
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk [2015-04-10]
ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{1B36AA4A-7D9D-4596-B11F-BE9EAE44FA02}: [DhcpNameServer] 192.168.1.254 75.153.171.122
 
Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1094969558-3671782124-3186262923-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Kashif\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-03-06] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://ohnbkeejpkmclbhjapfbgpdmlakfagao/start/index.html", Not-active:"chrome-extension://bbhleiekcbdhhmhpodmcnmipiodipifd/newtab/newtab.html", Not-active:"chrome-extension://ppgplhcfmaadpnkmnkhgadmaekeldbnh/stubby.html", Not-active:"chrome-extension://cpdmooaefpilleajjbcmbpnjiillmbak/stubby.html", Not-active:"chrome-extension://hhjnhpofkbonfdlgpgicdhddoagmipbi/stubby.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/stubby.html", Not-active:"chrome-extension://ijjnmdphpnlnelhbhefnfmimenjgbfcn/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-09]
CHR Extension: (Google Drive) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MySearch) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbgbjmaflmngclfepbgjlpoofmlkijhn [2016-10-06]
CHR Extension: (Seen On Screen) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhleiekcbdhhmhpodmcnmipiodipifd [2016-10-27]
CHR Extension: (YouTube) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (OnlineMapFinder) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-05-17]
CHR Extension: (Daily Horoscopes) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbhlpceecpkhkgebgmnjooilcpofmee [2017-04-17]
CHR Extension: (Google Search) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (DownSpeedTest) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpdmooaefpilleajjbcmbpnjiillmbak [2017-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-28]
CHR Extension: (Pinterest Save Button) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-22]
CHR Extension: (BringMeSports) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhjnhpofkbonfdlgpgicdhddoagmipbi [2017-06-07]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2017-07-28]
CHR Extension: (MapsGalaxy) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2017-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (StartMeeting.com Extension) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2015-12-08]
CHR Extension: (Nature Wallpapers HD New Tab Themes) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnbkeejpkmclbhjapfbgpdmlakfagao [2017-07-28]
CHR Extension: (Gmail) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR Extension: (Chrome Media Router) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR Extension: (TelevisionFanatic) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh [2017-05-25]
CHR HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-28 20:49 - 2017-07-28 20:51 - 00013421 _____ C:\Users\Kashif\Desktop\FRST.txt
2017-07-28 20:48 - 2017-07-28 20:49 - 00000000 ____D C:\FRST
2017-07-28 20:47 - 2017-07-28 20:47 - 02381312 _____ (Farbar) C:\Users\Kashif\Desktop\FRST64.exe
2017-07-19 14:14 - 2017-07-19 14:14 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-07-19 14:14 - 2017-07-19 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-07-19 14:12 - 2017-07-19 14:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-28 20:28 - 2015-04-08 16:14 - 00000000 ____D C:\Users\Kashif\AppData\Roaming\Skype
2017-07-28 20:24 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-19 14:15 - 2009-07-13 22:45 - 00017088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-19 14:15 - 2009-07-13 22:45 - 00017088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-19 14:14 - 2015-11-11 16:17 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-07-19 14:13 - 2016-03-21 19:48 - 00000000 ___RD C:\Users\Kashif\Documents\Scanned Documents
2017-07-12 11:56 - 2009-07-13 23:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 11:56 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2017-07-06 14:45 - 2015-04-09 18:22 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-06 14:45 - 2015-04-09 18:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
Some files in TEMP:
====================
2015-11-11 16:54 - 2015-11-11 16:54 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Kashif\AppData\Local\Temp\BingSvc.exe
2015-10-06 16:24 - 2015-11-11 16:54 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Kashif\AppData\Local\Temp\BSvcProcessor.exe
2015-10-06 16:24 - 2015-11-11 16:54 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Kashif\AppData\Local\Temp\BSvcUpdater.exe
2015-07-26 21:38 - 2015-04-07 23:23 - 0037984 _____ (Irfan Skiljan, IrfanView) C:\Users\Kashif\AppData\Local\Temp\iv_uninstall.exe
2015-09-29 16:28 - 2016-05-10 16:34 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Kashif\AppData\Local\Temp\SkypeSetup.exe
2017-03-02 19:28 - 2017-03-15 22:04 - 14456872 _____ (Microsoft Corporation) C:\Users\Kashif\AppData\Local\Temp\vc_redist.x86.exe
2012-08-16 03:34 - 2012-08-16 03:34 - 0455600 ____R (Macrovision Corporation) C:\Users\Kashif\AppData\Local\Temp\_is3045.exe
2012-08-16 03:34 - 2012-08-16 03:34 - 0455600 ____R (Macrovision Corporation) C:\Users\Kashif\AppData\Local\Temp\_is5D9B.exe
2012-08-16 03:34 - 2012-08-16 03:34 - 0455600 ____R (Macrovision Corporation) C:\Users\Kashif\AppData\Local\Temp\_isE54.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-04-28 19:31
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Kashif (28-07-2017 20:52:21)
Running from C:\Users\Kashif\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-04-07 03:04:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1094969558-3671782124-3186262923-500 - Administrator - Disabled)
Guest (S-1-5-21-1094969558-3671782124-3186262923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1094969558-3671782124-3186262923-1002 - Limited - Enabled)
Kashif (S-1-5-21-1094969558-3671782124-3186262923-1001 - Administrator - Enabled) => C:\Users\Kashif
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.0.0000 - Brother Industries, Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.587.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
Zoom (HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-08-30] (Microsoft Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-08-30] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-08-30] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06F2BC1D-6437-4542-AAC6-995B7EB13135} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {165278E1-39EE-4ABD-A2C9-2F63B04EFF52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {78824B16-48C0-4964-B2E5-9F1046186E18} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {878A92E4-88E0-4A75-97D6-E1999902DBB1} - System32\Tasks\{E655A820-BE51-4FEA-9AB7-893AF1F81FD0} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.10.64.101/en/abandoninstall?page=tsProgressBar
Task: {A1A9A284-4B82-438D-A4F0-12CD4631395B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {AB47E4DA-C353-4776-9EC4-C3541F34D947} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {B307B006-EC06-406B-971A-E57797E1EE9F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-07-04 11:38 - 2008-07-04 11:38 - 00065536 _____ () C:\Brother\BPRSP\resources\BrSupSsp.exe
2017-05-03 14:14 - 2017-05-03 14:14 - 01993176 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2015-04-10 00:42 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-07-06 14:45 - 2017-06-22 20:21 - 02117464 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-07-06 14:45 - 2017-06-22 20:21 - 00112472 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2017-07-19 14:14 - 00000887 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{924ED14E-3CD5-4CA5-BF33-7B31B57822D8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{95887C67-A745-482F-8C6A-7B2A78B3A544}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-03-2017 21:24:40 Windows Update
29-03-2017 16:05:47 Windows Update
05-04-2017 16:12:51 Windows Update
14-04-2017 19:24:20 Windows Update
28-04-2017 15:16:27 Windows Update
08-05-2017 08:06:39 Windows Update
25-05-2017 23:19:09 Windows Update
30-05-2017 23:14:14 Windows Update
07-06-2017 17:11:26 Windows Update
14-06-2017 07:57:48 Windows Update
25-06-2017 09:56:32 Windows Update
06-07-2017 12:32:25 Windows Update
19-07-2017 14:11:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2017 08:31:01 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C533) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (07/28/2017 08:31:01 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C533
 
Error: (07/28/2017 08:25:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/19/2017 02:07:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/12/2017 10:43:09 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x800706BE
 
Error: (07/12/2017 10:39:21 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: InstallerWrapperService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at ISecG.Installer.Library.Reporting.MixPanel..ctor()
   at ISecG.Installer.Library.Utilities.Helper.LogInfoToMixPanel(System.String, Boolean, System.String)
   at ISecG.TrueKey.InstallerWrapperService.InstallerSvc.BeginInstallation()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (07/12/2017 04:11:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/12/2017 11:54:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/12/2017 02:26:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/11/2017 05:12:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/28/2017 08:27:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (07/19/2017 02:14:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (07/19/2017 02:14:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.247.1082.0).
 
Error: (07/19/2017 02:14:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.556.0
 
Update Source: Microsoft Update Server
 
Update Stage: Install
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (07/12/2017 10:43:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (07/12/2017 10:42:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service Installer Wrapper TrueKey service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/12/2017 10:36:14 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
 
Feature: On Access
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Error: (07/12/2017 10:35:31 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
 
Feature: On Access
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Error: (07/12/2017 04:36:33 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
 
Feature: On Access
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Error: (07/12/2017 04:31:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 78%
Total physical RAM: 1912.88 MB
Available physical RAM: 404.51 MB
Total Virtual: 3825.75 MB
Available Virtual: 1977.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:233.17 GB) (Free:172.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:128.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F90D3CF3)
Partition 1: (Active) - (Size=233.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:32 PM

Posted 29 July 2017 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\...\Run: [BingSvc] => C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default ->  Active:"chrome-extension://ohnbkeejpkmclbhjapfbgpdmlakfagao/start/index.html", Not-active:"chrome-extension://bbhleiekcbdhhmhpodmcnmipiodipifd/newtab/newtab.html", Not-active:"chrome-extension://ppgplhcfmaadpnkmnkhgadmaekeldbnh/stubby.html", Not-active:"chrome-extension://cpdmooaefpilleajjbcmbpnjiillmbak/stubby.html", Not-active:"chrome-extension://hhjnhpofkbonfdlgpgicdhddoagmipbi/stubby.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklc... (long line)
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (MySearch) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbgbjmaflmngclfepbgjlpoofmlkijhn [2016-10-06]
CHR Extension: (MapsGalaxy) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2017-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR Extension: (TelevisionFanatic) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh [2017-05-25]
CHR HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)

===

Please let me know if the problem persists.

#3 BHeart

BHeart
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:32 PM

Posted 03 August 2017 - 02:30 PM

Hi nasdaq,

 

Thanks for your support, i have ran the fix and will observe system performance over next few days.

 

fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017

Ran by Kashif (03-08-2017 12:58:52) Run:1
Running from C:\Users\Kashif\Desktop
Loaded Profiles: Kashif (Available Profiles: Kashif)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(� 2015 Microsoft Corporation) C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\...\Run: [BingSvc] => C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (� 2015 Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default ->  Active:"chrome-extension://ohnbkeejpkmclbhjapfbgpdmlakfagao/start/index.html", Not-active:"chrome-extension://bbhleiekcbdhhmhpodmcnmipiodipifd/newtab/newtab.html", Not-active:"chrome-extension://ppgplhcfmaadpnkmnkhgadmaekeldbnh/stubby.html", Not-active:"chrome-extension://cpdmooaefpilleajjbcmbpnjiillmbak/stubby.html", Not-active:"chrome-extension://hhjnhpofkbonfdlgpgicdhddoagmipbi/stubby.html", Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklc... (long line)
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxp://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (MySearch) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbgbjmaflmngclfepbgjlpoofmlkijhn [2016-10-06]
CHR Extension: (MapsGalaxy) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2017-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR Extension: (TelevisionFanatic) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh [2017-05-25]
CHR HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Kashif\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
Chrome NewTab => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => not found.
CHR Extension: (MySearch) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbgbjmaflmngclfepbgjlpoofmlkijhn [2016-10-06] => Error: No automatic fix found for this entry.
CHR Extension: (MapsGalaxy) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2017-05-30] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28] => Error: No automatic fix found for this entry.
CHR Extension: (TelevisionFanatic) - C:\Users\Kashif\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh [2017-05-25] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1094969558-3671782124-3186262923-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 104756509 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1720188068 B
Edge => 0 B
Chrome => 346225254 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 594001237 B
Kashif => 888356847 B
 
RecycleBin => 0 B
EmptyTemp: => 3.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:05:16 ====





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users