I have a Windows XP computer (don't judge - ha ha). I had a couple of days where McAfee expired, and I think something got in during that time (ugh). Random gaming windows will open in Chrome. Ran Malwarebytes, found a lot of stuff, removed it, rebooted, but it's still happening. After the reboot, McAfee didn't start up, and when I try to start it, it says it's not a valid 32-bit file. Tried to reinstall, but it says it can't reach the server.

The FRST file is below, and the FRST and Additional txt files are attached.

If anyone can help me, I'd be very grateful!

---------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2016
Ran by Family (administrator) on WILLARD (26-10-2016 21:19:51)
Running from C:\Documents and Settings\Family\My Documents\Downloads
Loaded Profiles: Family (Available Profiles: Family & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
() C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{275BCA58-D451-4370-8D32-CD63707715FC}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(PIXELA CORPORATION) C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\Mcafee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
() C:\SWTOOLS\APPS\antivirus\McAfee\US\MODULECUST\execcmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Family\My Documents\Downloads\_FRST.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\DOCUME~1\Family\LOCALS~1\Temp\TMP159~1\setup.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-09] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-09] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [CameraApplicationLauncher] => C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2009-02-02] ()
HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-19] (ATK0101)
HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo)
HKLM\...\Run: [PWRMGRTR] => C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [335872 2008-10-26] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] => C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2008-10-26] ()
HKLM\...\Run: [CreateLMBCShortCut] => C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [40960 2009-04-03] ()
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [159744 2009-02-27] (Lenovo )
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-06-26] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2009-02-27] (Lenovo )
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll [2008-06-24] (UPEK Inc.)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06] ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-08] (Lenovo Group Limited)
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\...\Run: [Google Update] => C:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\...\Run: [CE5355CD57499E70BC13F46D79981E203B128D8E._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
Lsa: [Notification Packages] scecli psqlpwd ACGina
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2012-09-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor 3.lnk [2012-09-15]
ShortcutTarget: Device Monitor 3.lnk -> C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2016-10-26]
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A25CFF2E-FF32-432A-A374-7454593E5146}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/
URLSearchHook: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP" <======= ATTENTION
HKU\S-1-5-21-2440387278-2705885585-244963001-1005\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 -> DefaultScope {F0BCE6B5-5049-4370-876A-CF1F5D1D1ED8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US714D20140721&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 -> {6D60CF5D-2D28-4BA5-A48D-1A8CEABD29A3} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 -> {F0BCE6B5-5049-4370-876A-CF1F5D1D1ED8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_16_43&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtCzz0F0EtD0B0D0A0B0EzztDtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtDtCyByDtA0DtCtGyE0ByB0CtG0EyD0AtDtGyD0AtB0BtG0FtCzytDtDtA0FyC0B0D0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyzzyCzz0B0DzztG0BtByCzytGyE0F0CyCtGzzyBtAtCtGzy0AyD0Fzy0D0DtCtCzz0BtB2QtN0A0LzutB%26cr%3D1431573204%26a%3Dwbf_bitmontr_16_43%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13] (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2440387278-2705885585-244963001-1005 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2015-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-10-10] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2008-09-11] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2440387278-2705885585-244963001-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Family\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-07-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-2440387278-2705885585-244963001-1005: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Family\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2440387278-2705885585-244963001-1005: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Family\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2440387278-2705885585-244963001-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2440387278-2705885585-244963001-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Family\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-27] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Family\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Family\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-26]
CHR Extension: (Ambi RPN Calculator and Language - App) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aokcjmokdgifeicfnimemnccmphimefn [2013-02-10]
CHR Extension: (Google Drive) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (Desmos Graphing Calculator) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2013-08-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Ezy Arcade Advertising) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clbggfpojmcbaibajmbfkohinhmhpbba [2016-10-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (WGT Golf Challenge) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2012-12-22]
CHR Extension: (Got Game Cheats Advertising) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkppaichiggdedoinmapecnpaaedkogo [2016-10-21]
CHR Extension: (Google News) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-03-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Zillow) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh [2013-02-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Planner 5D - Interior Design) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-12]
CHR Extension: (Tabby Cat) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg [2016-10-10]
CHR Extension: (Google Drawings) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-10-16]
CHR Extension: (Financial Calculator) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkogbjhaelililllocjljiooipepaeal [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2016-04-10]
CHR Extension: (Google Reader) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2013-01-06]
CHR Extension: (Gmail) - C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-09-15]
CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2012-05-01]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2440387278-2705885585-244963001-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2440387278-2705885585-244963001-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [98304 2009-02-27] (Lenovo ) [File not signed]
R2 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [217088 2009-02-27] (Lenovo ) [File not signed]
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2016-10-05] (Byte Technologies LLC)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-09-06] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-06-26] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-09-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] () [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel(R) Corporation) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-24] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-11-24] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-24] (Lenovo Group Limited) [File not signed]
R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]
R2 XYNTService; C:\Documents and Settings\Administrator\Local Settings\Temp\{275BCA58-D451-4370-8D32-CD63707715FC}\{061A431C-86E7-4DB4-92B8-36DE783865CF}\STK2135\Win2KXP\stk2135bsrv.exe [86016 2009-03-27] () [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [40304 2013-10-10] (Cisco Systems, Inc.)
S3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58736 2013-10-10] (Cisco Systems, Inc.)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2009-02-27] (IBM Corp.) [File not signed]
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [990632 2008-03-27] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-03-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DCamUSBGene; C:\WINDOWS\System32\DRIVERS\usbstk.sys [173584 2008-07-31] ()
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-24] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2009-02-27] () [File not signed]
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-03-04] (Intel Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2012-09-06] (Microsoft Corporation) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12560 2008-06-24] (UPEK Inc.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] () [File not signed]
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
U3 mfeapfk01; no ImagePath
U0 mfewfpk; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 21:33 - 2016-10-26 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ByteFence
2016-10-26 21:32 - 2016-10-26 21:32 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
2016-10-26 21:25 - 2016-10-26 21:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2016-10-26 21:22 - 2016-10-26 21:22 - 00000000 ____D C:\Documents and Settings\Family\Local Settings\Application Data\chromium
2016-10-26 21:20 - 2016-10-26 21:20 - 00001461 _____ C:\Documents and Settings\All Users\Start Menu\Programs\HowToRemove.html.lnk
2016-10-26 21:20 - 2016-10-26 21:20 - 00000000 ____D C:\Documents and Settings\Family\Local Settings\Application Data\Setup1923250
2016-10-26 21:19 - 2016-10-26 21:33 - 00000000 ____D C:\Program Files\ByteFence
2016-10-26 21:19 - 2016-10-26 21:20 - 00000000 ____D C:\Documents and Settings\Family\Local Settings\Application Data\saco
2016-10-26 21:19 - 2016-10-26 21:20 - 00000000 ____D C:\Documents and Settings\Family\Local Settings\Application Data\{E02AD676-C482-BACE-A91A-9F268D7263BE}
2016-10-26 21:19 - 2016-10-26 21:19 - 00000000 ____D C:\FRST
2016-10-26 21:17 - 2016-10-26 21:17 - 01159128 _____ ( ) C:\Documents and Settings\Family\Desktop\FRST.exe
2016-10-26 21:09 - 2016-10-26 21:09 - 05157536 _____ (McAfee, Inc.) C:\Documents and Settings\Family\Desktop\McAfeeSetup-AutoLogin.exe
2016-10-26 21:03 - 2016-10-26 21:04 - 05157536 _____ (McAfee, Inc.) C:\Documents and Settings\Family\Desktop\Setup_serial_wlRF4TBWy2TUKA8Vdv-a4A2_key.exe
2016-10-26 20:48 - 2016-10-26 20:48 - 00000000 ____D C:\Avenger
2016-10-26 18:21 - 2016-10-26 18:23 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-26 18:20 - 2016-10-26 18:20 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-26 18:20 - 2016-10-26 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-26 18:20 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-26 18:19 - 2016-10-26 18:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-28 11:36 - 2016-09-28 11:36 - 00354501 _____ C:\Documents and Settings\Family\Desktop\SCYTFC Rankings 2016 - Week 2.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 21:35 - 2012-09-06 20:03 - 00000000 ____D C:\Documents and Settings\Family\Local Settings\Temp
2016-10-26 21:25 - 2012-09-06 19:43 - 17984332 _____ C:\sysiclog.txt
2016-10-26 21:13 - 2014-11-11 13:56 - 00000516 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2440387278-2705885585-244963001-1005.job
2016-10-26 21:10 - 2012-09-11 18:56 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-26 21:07 - 2012-09-06 20:04 - 00000256 _____ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2016-10-26 21:00 - 2013-01-04 20:01 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2440387278-2705885585-244963001-1005UA.job
2016-10-26 20:56 - 2012-09-11 18:57 - 00000000 ___RD C:\Documents and Settings\Family\My Documents\Google Drive
2016-10-26 20:53 - 2013-01-09 20:04 - 00000000 ____D C:\Documents and Settings\Family\Application Data\Skype
2016-10-26 20:53 - 2012-09-06 19:41 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2016-10-26 20:52 - 2008-07-21 15:50 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2016-10-26 20:48 - 2014-04-21 07:18 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-10-26 20:48 - 2012-09-11 18:56 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-26 20:48 - 2012-09-08 08:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973507$
2016-10-26 20:48 - 2012-09-06 20:04 - 00005720 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2016-10-26 20:48 - 2008-07-21 15:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-26 20:47 - 2008-07-21 15:05 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-26 20:46 - 2013-11-25 23:23 - 03997696 _____ C:\WINDOWS\system32\config\ACVPN.evt
2016-10-26 20:45 - 2014-04-25 18:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-26 20:42 - 2015-01-27 02:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2016-10-26 18:20 - 2012-09-17 01:49 - 00000000 ____D C:\Documents and Settings\Family\Application Data\Malwarebytes
2016-10-26 18:19 - 2012-09-17 01:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-10-26 17:50 - 2012-09-06 20:03 - 00000000 ___RD C:\Documents and Settings\Family\My Documents
2016-10-24 14:59 - 2013-01-04 20:01 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2440387278-2705885585-244963001-1005Core.job
2016-10-22 17:10 - 2014-04-29 16:15 - 00000000 ____D C:\Documents and Settings\Family\My Documents\Kimberly
2016-10-22 16:17 - 2008-07-21 07:51 - 00000000 ____D C:\WINDOWS\Network Diagnostic
2016-10-18 16:37 - 2016-03-13 19:55 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-10-11 14:45 - 2012-09-20 12:55 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-10-11 14:45 - 2012-09-20 12:55 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-10-11 14:45 - 2008-07-21 15:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-10 07:50 - 2008-07-21 07:51 - 00000000 ___HD C:\WINDOWS\inf
2016-10-10 07:49 - 2012-09-06 20:17 - 00000000 ____D C:\Program Files\McAfee
2016-10-10 07:49 - 2012-09-06 20:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2016-10-08 15:00 - 2014-04-21 07:18 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-10-06 12:52 - 2013-03-20 20:40 - 00000000 ____D C:\Documents and Settings\Family\My Documents\Lisa
2016-10-01 14:54 - 2014-05-14 07:11 - 00020992 _____ C:\Documents and Settings\Family\My Documents\kjwtimes.xls

==================== Files in the root of some directories =======

2012-09-06 20:56 - 2016-08-27 21:57 - 0033792 _____ () C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 19:13 - 2013-11-25 23:27 - 0000600 _____ () C:\Documents and Settings\Family\Local Settings\Application Data\PUTTY.RND
2013-01-01 14:15 - 2009-04-03 15:19 - 0605056 _____ () C:\Documents and Settings\Family\Local Settings\Application Data\wanancsp.dat

Some files in TEMP:
====================
C:\Documents and Settings\Family\Local Settings\Temp\0206841476110961mcinst.exe
C:\Documents and Settings\Family\Local Settings\Temp\DelayInst.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition_26-10-2016 21.42.08.txt

FRST_26-10-2016 21.42.08.txt


  • Root Admin

Not judging, @lmwil, but more and more tools for scanning and cleaning have stopped supporting it too, which makes cleaning it harder than it used to be.

Please try the following.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button.
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please.


So far, so good -- also after re-opening (not re-starting, but upon coming out of sleep), McAfee seems to be back, so that's good.

I don't have Firefox, but have both IE and Chrome, so went through the steps as listed above for those, and so far, haven't seen the problem recur (but that's the extra computer, so won't know much more until the kids start using it for homework).

Thanks!!!


  • Root Admin

Hi Wil,

We can do some other scans to see if there is junk there deeper to remove. Please take a look at the following and run it when you have some time.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


This topic is now closed to further replies.