ksp136

  1. I wanted to wait a few days/haven't been on my computer much thanks to running around for work a lot this week, but I haven't seen any pop ups when normally a ton would've occurred by now. So I'm guessing I'm good. I'll go ahead and follow the directions of the last post. Thank you sooooo much for your help!!
  2. So far so good but I haven't been on it for too long since running the fix. The mouse was good after the reboot. The Sophos AC scan came back clean with no problems or logs.
  3. Turns out, I completely missed the fix list and the FRST fix part of your previous post. That is now finished. Should I repeat the other steps?

     Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
     Ran by KP (14-02-2017 16:39:49) Run:1
     Running from C:\Users\KP\Desktop
     Loaded Profiles: KP (Available Profiles: KP)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     BootExecute: autocheck autochk /r \??\Z:autocheck autochk *
     Tcpip\Parameters: [DhcpNameServer] 10.32.15.130 10.32.15.2
     Tcpip\..\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}: [DhcpNameServer] 10.32.15.130 10.32.15.2
     Tcpip\..\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}: [DhcpNameServer] 172.20.10.1
     CHR Extension: (Chrome Media Router) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
     ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
     FirewallRules: [{102658C8-3BB8-4D33-8627-5634100246BD}] => LPort=1688
     CMD: bitsadmin /reset /allusers
     CMD: ipconfig /flushDNS
     EmptyTemp:
     end
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
     HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
     HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}\\DhcpNameServer => value removed successfully
     HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}\\DhcpNameServer => value removed successfully
     C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{102658C8-3BB8-4D33-8627-5634100246BD} => value removed successfully

     ========= bitsadmin /reset /allusers =========

     BITSADMIN version 3.0
     BITS administration utility.
     (C) Copyright 2000-2006 Microsoft Corp.

     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

     {53CDD329-454E-4CB0-A5DC-55CEA4B65F3C} canceled.
     {4892C5A6-5253-4761-AD6F-D9F6E52F0409} canceled.
     {2C10BBF9-B93C-43BE-A3E7-7F0B39FC3CB0} canceled.
     3 out of 3 jobs canceled.

     ========= End of CMD: =========

     ========= ipconfig /flushDNS =========

     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     =========== EmptyTemp: ==========

     BITS transfer queue => 32768 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44669239 B
     Java, Flash, Steam htmlcache => 506 B
     Windows/system/drivers => 14174292 B
     Edge => 2123335 B
     Chrome => 771199943 B
     Firefox => 5761945 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 7680 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 4922 B
     NetworkService => 12 B
     KP => 40045228 B
     RecycleBin => 1978 B
     EmptyTemp: => 837.3 MB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 16:41:15 ====
  4. I totally forgot to upload that one and unfortunately I've already left for work and didn't take my laptop. I'll upload it later tonight.
  5. I did all of that. Here are the logs. The last scan came back clean. Now my mouse doesn't seem to work in my web browser...

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 2/13/17
     Scan Time: 5:05 PM
     Logfile: malwarebytes results.txt
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.50
     Update Package Version: 1.0.1254
     License: Trial

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: KP\KP

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 469942
     Time Elapsed: 37 min, 41 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     PUP.Optional.ParetoLogic, C:\USERS\KP\DOWNLOADS\PARETOLOGIC PC HEALTH ADVISOR.EXE, Delete-on-Reboot, [2415], [366058],1.0.1254
     Physical Sector: 0 (No malicious items detected)

     (end)

     # AdwCleaner v6.043 - Logfile created 13/02/2017 at 18:03:39
     # Updated on 27/01/2017 by Malwarebytes
     # Database : 2017-02-13.1 [Server]
     # Operating System : Windows 10 Home (X64)w
     # Username : KP - KP
     # Running from : C:\Users\KP\Desktop\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\Users\KP\AppData\Local\avg web tuneup
     [-] Folder deleted: C:\Program Files\avg web tuneup
     [-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
     [-] Folder deleted: C:\ProgramData\avg web tuneup
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
     [-] Folder deleted: C:\Program Files (x86)\avg web tuneup
     [-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
     [-] Folder deleted: C:\Users\KP\AppData\Local\app

     ***** [ Files ] *****

     [-] File deleted: C:\TOSTACK
     [-] File deleted: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\searchplugins\avg-secure-search.xml

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     [-] Task deleted: YCMServiceAgent

     ***** [ Registry ] *****

     [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
     [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
     [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
     [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
     [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
     [-] Key deleted: HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com

     ***** [ Web browsers ] *****

     *************************

     :: "Tracing" keys deleted
     :: Winsock settings cleared

     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [2709 Bytes] - [13/02/2017 18:03:39]
     C:\AdwCleaner\AdwCleaner[S0].txt - [2817 Bytes] - [13/02/2017 17:59:39]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2855 Bytes] ##########

     So far I haven't noticed any issues, but I also haven't really been on the computer as I fell asleep while it was doing the last scan. I'll def let you know though!

     malwarebytes results.txt
     AdwCleaner[C0].txt
  6. Hi Kevin! Thanks for the fast response! I've attached all three logs and copy pasted the FRST log only. See below:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
     Ran by KP (administrator) on KP (13-02-2017 10:10:35)
     Running from C:\Users\KP\Desktop
     Loaded Profiles: KP (Available Profiles: KP)
     Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
     (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
     (GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
     (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
     () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
     (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
     (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
     (Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
     (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
     (WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
     (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
     (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
     (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (Intel Corporation) C:\Windows\System32\igfxEM.exe
     (Intel Corporation) C:\Windows\System32\igfxHK.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
     (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
     (Spotify Ltd) C:\Users\KP\AppData\Roaming\Spotify\SpotifyWebHelper.exe
     (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
     (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
     (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
     (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
     (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
     (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
     (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
     () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

     ==================== Registry (Whitelisted) ====================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2016-05-24] (Realtek Semiconductor)
     HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
     HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
     HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
     HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
     HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
     HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
     HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Google Update] => C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Spotify Web Helper] => C:\Users\KP\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-02] (Spotify Ltd)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [GoogleChromeAutoLaunch_7173795419EC2074CF4FDA28B9D73281] => C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
     HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
     HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
     Startup: C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-10-23]
     ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\KP\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
     BootExecute: autocheck autochk /r \??\Z:autocheck autochk *

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     Tcpip\Parameters: [DhcpNameServer] 10.32.15.130 10.32.15.2
     Tcpip\..\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}: [DhcpNameServer] 10.32.15.130 10.32.15.2
     Tcpip\..\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}: [DhcpNameServer] 172.20.10.1

     Internet Explorer:
     ==================
     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
     HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
     SearchScopes: HKLM-x32 -> {84F78381-D466-4F94-98E2-999A3D8545A6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
     SearchScopes: HKU\S-1-5-21-565673585-3621012978-1595873997-1001 -> {84F78381-D466-4F94-98E2-999A3D8545A6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
     SearchScopes: HKU\S-1-5-21-565673585-3621012978-1595873997-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={54D293C5-FFFD-4FDA-AC7D-6DE2439757C2}&mid=c2dd5d01906a47cc8a0f61139c04f251-293647f61a89b3a8030879699880a6d128693694&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-12-09 15:50:07&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
     BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
     BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
     BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
     Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

     FireFox:
     ========
     FF ProfilePath: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928 [2017-02-13]
     FF Extension: (Firefox Hotfix) - C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-06]
     FF Extension: (Youtube Unblocker Remediation) - C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\features\{3c8be9b8-1d17-42f5-a3fd-0b052fee393b}\malware-remediation@mozilla.org.xpi [2016-11-06]
     FF SearchPlugin: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\searchplugins\avg-secure-search.xml [2016-11-26]
     FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
     FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
     FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
     FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: @tools.google.com/Google Update;version=3 -> C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
     FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: @tools.google.com/Google Update;version=9 -> C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
     FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: LWAPlugin15.8 -> C:\Users\KP\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
     FF Plugin ProgramFiles/Appdata: C:\Users\KP\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)

     Chrome:
     =======
     CHR HomePage: Default -> hxxps://www.google.com/
     CHR StartupUrls: Default -> "hxxps://www.google.com/"
     CHR Profile: C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
     CHR Extension: (Google Slides) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-08]
     CHR Extension: (Entanglement Web App) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-12-08]
     CHR Extension: (Google Docs) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08]
     CHR Extension: (Google Drive) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08]
     CHR Extension: (YouTube) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08]
     CHR Extension: (Google Cast) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
     CHR Extension: (Adblock Plus) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
     CHR Extension: (Google Search) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
     CHR Extension: (Adobe Acrobat) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
     CHR Extension: (Pandora) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-12-08]
     CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-21]
     CHR Extension: (Google Sheets) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-08]
     CHR Extension: (Full Screen Weather) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-12-08]
     CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-02-10]
     CHR Extension: (Google Docs Offline) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
     CHR Extension: (AdBlock) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
     CHR Extension: (SwagButton) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-01-18]
     CHR Extension: (Learn Korean Free - KoreanClass101.com) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpllochhpaedhafkgknfalcfibdhmae [2015-12-08]
     CHR Extension: (TinEye Reverse Image Search) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-28]
     CHR Extension: (Pathuku - Connect the lines) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2015-12-08]
     CHR Extension: (Japanese Kana) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2015-12-08]
     CHR Extension: (Google Play Music) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-13]
     CHR Extension: (Little Alchemy) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-14]
     CHR Extension: (Skype) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-27]
     CHR Extension: (Poppit!) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-12-08]
     CHR Extension: (Hello Kitty) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld [2015-12-08]
     CHR Extension: (Ghostery) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-15]
     CHR Extension: (Mahjong Solitaire) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-12-08]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31]
     CHR Extension: (imo free video calls and text) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2015-12-08]
     CHR Extension: (Gmail) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08]
     CHR Extension: (Chrome Media Router) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
     CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
     CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

     ==================== Services (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
     R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
     R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
     S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
     R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
     R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
     R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
     S2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [74288 2016-10-27] (CyberGhost S.R.L)
     S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-18] (Intel Corporation)
     R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
     R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2016-07-07] (Intel Corporation)
     R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
     R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
     S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
     R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
     R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
     R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
     R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-18] (Intel Corporation)
     S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
     R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
     S3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
     S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
     S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
     S3 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
     S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-11] (Electronic Arts)
     R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
     R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [308464 2016-05-24] (Realtek Semiconductor)
     R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
     S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
     S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
     S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [173824 2017-01-09] (Zhuhai Kingsoft Office Software Co.,Ltd)

     ===================== Drivers (Whitelisted) ======================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
     R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
     R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
     R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
     R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
     R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
     R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
     R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
     R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
     R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
     R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2016-07-07] (Intel Corporation)
     R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2016-07-07] (Intel Corporation)
     S2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
     S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
     S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
     R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-12-11] (Realtek )
     S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-21] (Realsil Semiconductor Corporation)
     R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation )
     S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows (R) Win 7 DDK provider)
     S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
     R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
     S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
     S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
     S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
     R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
     R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-06] (Zemana Ltd.)
     R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-06] (Zemana Ltd.)

     ==================== NetSvcs (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2017-02-13 10:10 - 2017-02-13 10:11 - 00026533 _____ C:\Users\KP\Desktop\FRST.txt
     2017-02-13 10:07 - 2017-02-13 10:10 - 00000000 ____D C:\FRST
     2017-02-13 10:06 - 2017-02-13 10:06 - 02421248 _____ (Farbar) C:\Users\KP\Desktop\FRST64.exe
     2017-02-13 00:38 - 2017-02-13 00:38 - 540134393 _____ C:\Users\KP\Desktop\KP-09-02-2017-14-27-.fbr
     2017-02-10 20:41 - 2017-02-10 20:41 - 01465148 _____ C:\Users\KP\Downloads\Debt-Guide.pdf
     2017-02-10 00:34 - 2017-02-10 00:34 - 00120740 _____ C:\Users\KP\Documents\cc_20170210_003359.reg
     2017-02-09 22:05 - 2017-02-09 22:05 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\4F45CB54.sys
     2017-02-09 22:05 - 2017-02-09 22:05 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\57018824.sys
     2017-02-09 22:05 - 2017-02-09 22:05 - 00000000 ____D C:\KVRT_Data
     2017-02-09 22:04 - 2017-02-09 22:05 - 108104160 _____ (Kaspersky Lab ZAO) C:\Users\KP\Downloads\KVRT.exe
     2017-02-09 21:58 - 2017-02-09 21:58 - 13160824 _____ (ParetoLogic Inc.) C:\Users\KP\Downloads\ParetoLogic PC Health Advisor.exe
     2017-02-09 21:43 - 2017-02-09 21:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\KP\Downloads\rkill.exe
     2017-02-09 21:38 - 2017-02-09 21:39 - 14449600 _____ (Copyright 2017.) C:\Users\KP\Downloads\Zemana.AntiMalware.Portable (1).exe
     2017-02-08 07:40 - 2017-02-08 07:43 - 00419148 _____ C:\WINDOWS\Minidump\020817-51078-01.dmp
     2017-02-08 07:40 - 2017-02-08 07:40 - 1432010488 _____ C:\WINDOWS\MEMORY.DMP
     2017-02-08 07:40 - 2017-02-08 07:40 - 00000000 ____D C:\WINDOWS\Minidump
     2017-02-07 23:22 - 2017-02-07 23:22 - 00012872 _____ (SurfRight B.V.)
C:\WINDOWS\system32\bootdelete.exe 2017-02-07 22:57 - 2017-02-07 22:57 - 00793696 _____ C:\Users\KP\Downloads\Kings_Cage_Red_Queen_3_022017_Victoria_Aveyard.epub 2017-02-07 22:56 - 2017-02-07 22:56 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2017-02-07 22:56 - 2017-02-07 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2017-02-07 22:56 - 2017-02-07 22:56 - 00000000 ____D C:\Program Files\HitmanPro 2017-02-07 22:54 - 2017-02-07 23:22 - 00000000 ____D C:\ProgramData\HitmanPro 2017-02-07 22:52 - 2017-02-07 22:54 - 11581544 _____ (SurfRight B.V.) C:\Users\KP\Downloads\hitmanpro_x64.exe 2017-02-06 01:29 - 2017-02-13 10:10 - 00945527 _____ C:\WINDOWS\ZAM.krnl.trace 2017-02-06 01:29 - 2017-02-13 10:10 - 00891959 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-02-06 01:29 - 2017-02-06 01:29 - 14449600 _____ (Copyright 2017.) C:\Users\KP\Downloads\Zemana.AntiMalware.Portable.exe 2017-02-06 01:29 - 2017-02-06 01:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-02-06 01:29 - 2017-02-06 01:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2017-02-06 01:29 - 2017-02-06 01:29 - 00000000 ____D C:\Users\KP\AppData\Local\Zemana 2017-02-06 01:24 - 2017-02-06 01:24 - 06771840 _____ (ESET spol. s r.o.) 
C:\Users\KP\Downloads\esetonlinescanner_enu.exe 2017-02-05 19:47 - 2017-02-05 19:47 - 03663455 _____ C:\Users\KP\Downloads\Student Council .pptx 2017-02-03 01:37 - 2017-02-09 13:15 - 00000000 ____D C:\ProgramData\Blueberry 2017-02-03 01:37 - 2017-02-03 01:37 - 00000000 ____D C:\Users\KP\Documents\FlashBack Movies 2017-02-02 23:40 - 2017-02-03 01:51 - 00000000 ____D C:\Users\KP\AppData\Roaming\Blueberry 2017-02-02 23:40 - 2017-02-03 01:37 - 00000000 ____D C:\Users\KP\AppData\Roaming\LogSys 2017-02-02 23:40 - 2017-02-02 23:40 - 00001454 _____ C:\Users\Public\Desktop\FlashBack Plus 5 Recorder.lnk 2017-02-02 23:40 - 2017-02-02 23:40 - 00001444 _____ C:\Users\Public\Desktop\FlashBack Plus 5 Player.lnk 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\WINDOWS\SysWOW64\ShellDD 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blueberry Software 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\ProgramData\LogSys 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\Program Files (x86)\Blueberry Software 2017-02-02 23:19 - 2017-02-02 23:39 - 23413360 _____ (Blueberry) C:\Users\KP\Downloads\bbfbpls5.exe 2017-02-02 22:44 - 2017-02-02 22:44 - 00028903 _____ C:\Users\KP\Downloads\Mr. 
Right (2015) [720p] [YTS.PE].torrent 2017-02-02 22:43 - 2017-02-02 22:43 - 00032717 _____ C:\Users\KP\Downloads\How to Be Single (2016) [720p] [YTS.PE].torrent 2017-02-02 22:36 - 2017-02-02 22:36 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-02-02 22:35 - 2017-02-02 22:36 - 08813488 _____ (Piriform Ltd) C:\Users\KP\Downloads\ccsetup526.exe 2017-02-02 19:51 - 2017-02-02 19:51 - 00000000 ____D C:\Users\KP\Downloads\Tori Kelly - Unbreakable Smile [Super Deluxe Edition] - 2016 2017-02-02 19:50 - 2017-02-02 20:01 - 00000000 ____D C:\Users\KP\Downloads\Tori Kelly - Unbreakable Smile (Target Edition) - 2015 2017-02-02 19:49 - 2017-02-02 19:53 - 00000000 ____D C:\Users\KP\Downloads\The Weeknd - Starboy (2016) 2017-02-02 19:48 - 2017-02-02 19:48 - 00011729 _____ C:\Users\KP\Downloads\the weeknd - starboy 2016 flac.torrent 2017-02-02 03:45 - 2017-02-02 03:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2017-02-01 00:38 - 2017-02-01 00:38 - 06294016 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys 2017-02-01 00:38 - 2017-02-01 00:38 - 01164800 _____ (Realtek Semiconductor Corp. 
) C:\WINDOWS\system32\Rtlihvs.dll 2017-01-30 22:20 - 2017-01-30 22:20 - 00143625 _____ C:\Users\KP\Desktop\vzbill_paper_5081_010617_013017222017.pdf 2017-01-30 21:58 - 2017-01-30 21:58 - 01016344 _____ C:\Users\KP\Desktop\December bank account.pdf 2017-01-30 19:17 - 2017-01-30 19:17 - 00000000 ____D C:\Users\KP\Downloads\BoxTops 2017-01-30 19:10 - 2017-01-30 19:10 - 00391370 _____ C:\Users\KP\Downloads\BoxTops.zip 2017-01-28 13:47 - 2017-01-28 13:47 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-01-28 13:47 - 2017-01-28 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-01-28 13:46 - 2017-01-28 13:47 - 00000000 ____D C:\Program Files\iTunes 2017-01-28 13:46 - 2017-01-28 13:46 - 00000000 ____D C:\Program Files\iPod 2017-01-28 13:43 - 2017-01-28 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2017-01-25 17:57 - 2017-01-25 22:13 - 00062351 _____ C:\Users\KP\Downloads\parent involvement survey (1).xlsx 2017-01-24 17:39 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-24 17:39 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-23 18:11 - 2017-01-23 18:11 - 00034355 _____ C:\Users\KP\Downloads\parent involvement survey.xlsx 2017-01-20 19:06 - 2017-01-20 19:07 - 17797624 _____ C:\Users\KP\Downloads\InstallUserTesting-v2.0 (1).exe 2017-01-18 19:05 - 2017-01-23 08:54 - 00000000 ____D C:\Users\KP\Documents\UserTesting 2017-01-18 19:03 - 2017-01-23 08:47 - 00000000 ____D C:\Users\KP\AppData\Local\UserTestingPlugin 2017-01-18 19:02 - 2017-01-18 19:03 - 17797624 _____ C:\Users\KP\Downloads\InstallUserTesting-v2.0.exe 2017-01-17 20:33 - 2017-01-17 20:33 - 29963203 _____ C:\Users\KP\Desktop\tonga.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-13 09:32 - 2016-10-09 10:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-13 00:01 - 2016-10-11 00:28 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2017-02-12 23:42 - 2016-06-02 20:40 - 00000000 ____D C:\ProgramData\MFAData 2017-02-10 22:25 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-10 00:33 - 2015-12-08 19:50 - 00000000 ____D C:\Users\KP\Desktop\virus stuff 2017-02-09 21:30 - 2015-12-08 20:30 - 00000000 ____D C:\Users\KP\Desktop\movies 2017-02-09 19:01 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-09 10:48 - 2016-01-04 15:55 - 00000000 ____D C:\Users\KP\AppData\Roaming\vlc 2017-02-09 10:32 - 2015-12-10 18:04 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKP.job 2017-02-09 10:28 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2017-02-08 07:52 - 2015-12-08 17:35 - 00000000 ____D C:\Users\KP\Documents\YouCam 2017-02-08 07:50 - 2016-10-23 12:11 - 00000000 ___RD C:\Users\KP\iCloudDrive 2017-02-08 07:49 - 2016-10-09 10:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-02-08 07:49 - 2015-12-08 17:34 - 00000000 __SHD C:\Users\KP\IntelGraphicsProfiles 2017-02-08 07:45 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-08 07:44 - 2016-10-09 10:22 - 00000000 ____D C:\Users\KP 2017-02-08 07:40 - 2016-10-09 10:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-06 23:13 - 2015-12-08 19:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-06 22:42 - 2016-01-03 09:13 - 00000000 ____D C:\Users\KP\Desktop\games 2017-02-06 00:57 - 2015-12-09 23:13 - 00000000 ____D C:\Users\KP\AppData\Roaming\uTorrent 2017-02-02 22:35 - 2016-10-31 18:15 - 00000000 ____D C:\Users\KP\AppData\Local\Spotify 2017-02-02 20:51 - 2016-10-31 18:14 - 00000000 ____D C:\Users\KP\AppData\Roaming\Spotify 2017-02-02 17:33 - 2015-12-08 17:47 - 00002491 _____ C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google 
Chrome.lnk 2017-01-31 01:22 - 2016-01-20 15:35 - 00000000 ____D C:\Users\KP\AppData\Local\ElevatedDiagnostics 2017-01-31 01:07 - 2016-06-02 20:38 - 00000000 ____D C:\Users\KP\AppData\Local\AvgSetupLog 2017-01-30 22:28 - 2016-02-13 12:17 - 00000000 ____D C:\Users\KP\Desktop\being an adult 2017-01-30 18:49 - 2016-08-02 17:09 - 00000000 ____D C:\Users\KP\Desktop\PHENND 2017-01-28 13:46 - 2015-12-08 19:23 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-01-25 18:30 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-19 19:27 - 2015-12-28 14:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-19 09:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-19 00:04 - 2016-06-02 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2017-01-18 18:30 - 2016-12-14 00:14 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-18 18:30 - 2015-12-08 17:39 - 00002407 _____ C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-18 18:30 - 2015-12-08 17:39 - 00000000 ___RD C:\Users\KP\OneDrive 2017-01-17 18:42 - 2015-12-15 15:29 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-01-17 18:42 - 2015-12-15 15:29 - 00000000 ____D C:\ProgramData\Skype 2017-01-16 07:14 - 2015-07-16 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-16 07:10 - 2017-01-09 12:30 - 00000608 _____ C:\WINDOWS\Tasks\WpsExternal_KP_20170109123037.job 2017-01-16 07:10 - 2017-01-09 12:30 - 00000414 _____ C:\WINDOWS\Tasks\WpsUpdateTask_KP.job 2017-01-16 07:10 - 2016-10-23 14:08 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-01-16 07:10 - 2016-10-23 14:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-16 07:10 - 2016-06-14 23:27 - 00000730 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_KP.job 2017-01-16 07:09 - 2016-10-09 10:13 - 00366288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-15 
23:25 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-15 23:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2016-12-04 22:57 - 2016-12-04 22:58 - 0000003 _____ () C:\Users\KP\AppData\Local\run1.txt ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-06 23:04 ==================== End of FRST.txt ============================ Addition.txt SearchReg.txt FRST.txt
  7. Hi! About a month ago my computer began randomly flashing the cmd window, usually about 3-6 windows will quickly open and close. I've run various scans and the return is always clean but the flashes continue. I recorded my screen to "catch" the pop ups so I could see what they say. It's something about bitsadmin... I've attached the screen shot.