
Hello, I am still getting redirected and new tabs opening, sometimes on their own, sometimes when clicking on a link where I want to go. I run MB but the problems still persist. One other problem is I can connect to the school's network and view any site or page except the school's website or homepage. Their IT looked at my computer and they couldn't figure out why it won't connect. Their guess is it might be infected and could I leave it with them for about a week. I didn't trust them that they could fix this (students working on this).

Thank you for your assistance with this. 


Hello DouglasW and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the browser download folder location, you are changing the user's download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
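As an added example (not part of either post in this thread, and not a Farbar or Malwarebytes tool), here is a small Python triage helper for the FRST.txt that the reply above asks for. It walks the whitelisted sections and collects the lines a helper looks at first: entries FRST itself marks with ATTENTION, autostarts and services whose file is missing (the `[X]` marker), unsigned service binaries, a modified hosts file, and DHCP-assigned DNS resolvers outside an allowlist. Two things are assumptions: the allowlist of expected resolvers (set here to the Google public resolvers only) and the sample input, which is constructed from a handful of lines that appear in the log posted later in this thread; a real run would read the full FRST.txt instead.

```python
import re
from typing import Dict, List, Set

# Constructed sample input: a few lines in the format FRST writes, copied
# from the log posted later in this thread. A real run reads FRST.txt instead.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ====================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 93.115.31.195 8.8.8.8 8.8.4.4
==================== Services (Whitelisted) ====================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-02] (AVAST Software)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-08-15] () [File not signed]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
""".strip()

# Section banners look like "==================== Name ====================".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
DNS_RE = re.compile(r"\[DhcpNameServer\] (.+)$")

# Assumed allowlist: the resolvers this machine is expected to use. Replace
# with whatever the router or ISP is known to hand out.
EXPECTED_RESOLVERS: Set[str] = {"8.8.8.8", "8.8.4.4"}


def classify(line: str, expected: Set[str]) -> str:
    """Return a reason string if the FRST line deserves a look, else ''."""
    if "<======= ATTENTION" in line:
        return "flagged by FRST"
    if line.endswith("[X]"):
        return "autostart or service points at a missing file"
    if "[File not signed]" in line or "[not signed]" in line:
        return "unsigned binary"
    if line.startswith("Hosts:") and "more than one" in line:
        return "hosts file has extra entries"
    m = DNS_RE.search(line)
    if m:
        unknown = [ip for ip in m.group(1).split() if ip not in expected]
        if unknown:
            return "DNS resolver not in allowlist: " + ", ".join(unknown)
    return ""


def triage(log_text: str, expected: Set[str] = EXPECTED_RESOLVERS) -> List[Dict[str, str]]:
    """Walk an FRST.txt and collect lines worth checking, tagged with their section."""
    findings: List[Dict[str, str]] = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reason = classify(line, expected)
        if reason:
            findings.append({"section": section, "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

None of these hits is proof of infection by itself: vendor services are often unsigned, and a DHCP lease can legitimately list an ISP resolver ahead of public ones. They are the lines to verify first, because a changed DNS setting on the router or adapter is a common cause of browser redirects, and a Chrome policy key under HKLM\SOFTWARE\Policies\Google (the Restriction marker) is something adware uses to pin extensions or search settings on a home machine.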

Here is the FRST Log and the attached Additional.txt file.

Thanks for the fast response. Happy hunting.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Douglas (administrator) on DADSLAPTOP (12-02-2017 14:14:05)
Running from C:\Users\Douglas\Desktop
Loaded Profiles: Douglas & postgres (Available Profiles: Douglas & postgres)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe
(Red Hat®, Inc.) C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-as\bin\jbosssvc.exe
() C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Oracle Corporation) C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-as\jre7\bin\java.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Akamai Technologies, Inc.) C:\Users\Douglas\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Douglas\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6623112 2016-10-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [425608 2014-10-03] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2312408 2014-06-26] (Hewlett-Packard)
HKLM-x32\...\Run: [Discover HP Touchpoint Manager] => C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe [421000 2014-09-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Douglas\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\RunOnce: [Uninstall C:\Users\Douglas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Douglas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-02] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 93.115.31.195 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{041f9fdd-980f-480d-80b2-709b61edf4b5}: [DhcpNameServer] 93.115.31.195 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/1
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/1
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-06-26] (Hewlett-Packard)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-09-24] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-09] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2016-03-29] (DigitalPersona, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
CHR Extension: (Google Slides) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-04]
CHR Extension: (Google Docs) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-04]
CHR Extension: (Google Drive) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-04]
CHR Extension: (YouTube) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-04]
CHR Extension: (Google Cast) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-05]
CHR Extension: (Adblock Plus) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-08-05]
CHR Extension: (Avast Online Security) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-12-12]
CHR Extension: (Avast SafePrice) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-18]
CHR Extension: (Google Sheets) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04]
CHR Extension: (CheckLinks) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpdjoldbhncmhljihdbilnbbdbpoglk [2016-12-27]
CHR Extension: (HP Client Security Manager) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2016-03-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-02] (AVAST Software)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-08-15] () [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [502232 2016-03-29] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [563000 2014-07-16] (Hewlett-Packard Company)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2015-06-10] ()
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [373384 2014-12-08] (Hewlett-Packard Development Company, L.P.)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2014-07-16] (Hewlett-Packard Development Company)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-11-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 OMPM Service; C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\rdmf_clientd.exe [5775387 2016-05-13] () [File not signed]
R2 OMPMJBASSVC; C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\server\jboss-as\bin\jbosssvc.exe [61440 2011-08-11] (Red Hat®, Inc.) [File not signed]
R2 OMPMWatchdogService; C:\Program Files (x86)\Dell Printers\OpenManage\OMPMv2.0\client\OMPMWatchdogService.exe [199633 2014-03-18] () [File not signed]
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2012-08-16] (PostgreSQL Global Development Group) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-19] (Realtek Semiconductor)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-08-22] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [53248 2015-06-10] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [548848 2016-01-22] (Intel Corporation)
S3 hidemi; C:\WINDOWS\System32\drivers\hidemi.sys [29024 2015-07-05] (Microchip)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-02-12] (Malwarebytes)
S3 mchpemi; C:\WINDOWS\System32\drivers\mchpemi.sys [37728 2015-07-05] (Microchip)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6728976 2016-05-03] (Intel Corporation)
R3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [31440 2015-12-17] (Nfc GPIO Driver)
R0 PinFile; C:\WINDOWS\System32\DRIVERS\PinFile.sys [49856 2014-12-05] (WinMagic Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-09-28] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2016-09-28] (Realsil Semiconductor Corporation)
R0 SDDisk2K; C:\WINDOWS\System32\DRIVERS\SDDisk2K.sys [228544 2014-12-05] (WinMagic Inc.)
R0 SDDToki; C:\WINDOWS\System32\DRIVERS\SDDToki.sys [131264 2014-12-05] (WinMagic Inc.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-23] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-08-22] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [700128 2015-06-16] (Sunplus)
S3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [48296 2015-07-23] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 14:14 - 2017-02-12 14:14 - 00027919 _____ C:\Users\Douglas\Desktop\FRST.txt
2017-02-12 14:13 - 2017-02-12 14:14 - 00000000 ____D C:\FRST
2017-02-12 14:12 - 2017-02-12 14:13 - 02421248 _____ (Farbar) C:\Users\Douglas\Desktop\FRST64.exe
2017-02-12 12:57 - 2017-02-12 13:00 - 00000000 ____D C:\AdwCleaner
2017-02-12 12:55 - 2017-02-12 12:57 - 04015056 _____ C:\Users\Douglas\Downloads\AdwCleaner.exe
2017-02-10 14:00 - 2017-02-10 14:00 - 00000000 ___HD C:\OneDriveTemp
2017-02-10 13:59 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-10 13:59 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-10 13:52 - 2017-02-10 13:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-10 13:47 - 2017-02-10 13:47 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-02-10 11:24 - 2017-02-10 11:24 - 00007744 _____ C:\Users\Douglas\Downloads\Document1.pdf
2017-02-10 11:24 - 2017-02-10 11:24 - 00007744 _____ C:\Users\Douglas\Downloads\Continuous Insulation.pdf
2017-02-09 23:25 - 2017-02-09 23:25 - 00043383 _____ C:\Users\Douglas\Downloads\Student Scholarship Application - INTERNATIONAL FACILITY MANAGEMENT ASSOCIATION.pdf
2017-02-02 18:41 - 2017-02-02 19:18 - 03387392 _____ C:\Users\Douglas\Desktop\Midrise_DW.rte
2017-01-29 16:04 - 2017-01-29 16:04 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-29 15:59 - 2017-02-09 23:40 - 00000000 ____D C:\Users\Douglas\AppData\LocalLow\Mozilla
2017-01-29 15:59 - 2017-01-29 16:05 - 00000000 ____D C:\Users\Douglas\AppData\Local\Mozilla
2017-01-29 15:59 - 2017-01-29 15:59 - 00000000 ____D C:\Users\Douglas\AppData\Roaming\Mozilla
2017-01-29 15:58 - 2017-02-10 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 15:58 - 2017-02-10 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 22:57 - 2017-01-25 22:57 - 00074752 _____ C:\Users\Douglas\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-25 22:53 - 2017-01-25 22:53 - 00000000 ____D C:\Users\Douglas\AppData\Roaming\Foxit Software
2017-01-25 22:15 - 2017-01-25 22:52 - 00000000 ____D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-01-19 17:05 - 2013-08-22 07:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170119-170555.backup
2017-01-19 14:21 - 2017-01-19 14:21 - 08813488 _____ (Piriform Ltd) C:\Users\Douglas\Downloads\ccsetup526.exe
2017-01-19 14:21 - 2017-01-19 14:21 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-01-19 14:21 - 2017-01-19 14:21 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-19 14:21 - 2017-01-19 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-19 14:21 - 2017-01-19 14:21 - 00000000 ____D C:\Program Files\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 13:11 - 2016-08-05 22:14 - 00003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDouglas
2017-02-12 13:11 - 2016-08-05 22:14 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDouglas.job
2017-02-12 13:07 - 2016-08-04 16:02 - 01857136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-12 13:07 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-12 13:07 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-12 13:03 - 2016-09-02 10:50 - 00000000 ____D C:\Users\Douglas\AppData\Local\Akamai
2017-02-12 13:03 - 2016-08-03 17:28 - 00000000 ___RD C:\Users\Douglas\OneDrive
2017-02-12 13:02 - 2016-08-04 16:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-12 13:02 - 2016-08-03 17:24 - 00000000 __SHD C:\Users\Douglas\IntelGraphicsProfiles
2017-02-12 13:01 - 2017-01-04 16:24 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-12 13:01 - 2016-08-04 16:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-12 13:01 - 2016-08-04 16:03 - 00000000 ____D C:\Users\Douglas
2017-02-12 13:01 - 2016-08-04 16:02 - 00000000 ____D C:\ProgramData\Validity
2017-02-12 13:00 - 2016-11-18 05:04 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-12 13:00 - 2016-10-09 21:13 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-02-12 13:00 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-12 12:59 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-12 12:45 - 2016-08-04 16:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-10 18:54 - 2016-08-04 18:12 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-10 18:54 - 2016-08-04 18:12 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-10 14:11 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-10 13:45 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-10 13:44 - 2016-10-09 20:59 - 00000000 ____D C:\Users\postgres
2017-02-10 13:43 - 2017-01-04 16:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-10 13:43 - 2016-09-02 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-02-10 13:43 - 2016-08-04 16:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-02-10 13:43 - 2016-08-04 00:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-10 13:43 - 2016-08-03 17:24 - 00000000 ____D C:\Users\Douglas\AppData\Local\Packages
2017-02-10 13:43 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-10 13:43 - 2015-12-27 09:11 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-02-10 13:43 - 2015-02-11 22:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 13:42 - 2016-09-02 12:49 - 00000000 ____D C:\ProgramData\FLEXnet
2017-02-10 13:42 - 2016-09-02 10:52 - 00000000 ____D C:\ProgramData\Autodesk
2017-02-10 13:41 - 2016-09-02 11:17 - 00000000 ____D C:\Users\Douglas\AppData\Local\Autodesk
2017-02-10 13:41 - 2016-09-02 10:59 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-02-10 13:41 - 2016-09-02 10:59 - 00000000 ____D C:\Program Files\Autodesk
2017-02-10 13:41 - 2016-09-02 10:52 - 00000000 ____D C:\Users\Douglas\AppData\Roaming\Autodesk
2017-02-10 13:41 - 2016-09-02 10:46 - 00000000 ____D C:\Autodesk
2017-02-10 13:41 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-09 13:45 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-24 14:50 - 2016-09-25 12:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-24 11:45 - 2016-12-16 19:42 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 11:45 - 2016-08-04 17:51 - 00002421 _____ C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 17:05 - 2017-01-04 16:50 - 00001338 _____ C:\Users\Douglas\Desktop\Spybot - Search & Destroy.lnk
2017-01-19 16:31 - 2017-01-04 16:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-01-19 14:22 - 2016-11-18 05:44 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-19 14:22 - 2016-08-04 19:00 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-19 14:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-19 13:44 - 2016-08-04 18:04 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-18 16:37 - 2017-01-04 16:24 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-13 19:42 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-12-27 09:07 - 2016-09-24 16:39 - 14911756 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-12-27 09:16 - 2015-12-27 09:16 - 1266434 _____ () C:\ProgramData\hpdam_install_log.txt
2015-12-27 09:14 - 2015-12-27 09:14 - 0572516 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2016-09-02 11:15 - 2016-09-02 11:15 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 13:54

==================== End of FRST.txt ============================

Addition.txt


Hello DouglasW,

Thanks for those logs and info regarding the IP address. Continue please:

We need to uninstall SpyBot S&D as it may interfere with fixes we make.....

Disable Spybot's TeaTimer and leave it off for now.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol ) and choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident > uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Next,

Uninstall SpyBot S&D - https://www.safer-networking.org/faq/how-to-uninstall-2/

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on. Leave all other settings at default.

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.
 
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
 
  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth technology
 
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish


Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin....

fixlist.txt


Here are all of the logs. I will go online and see if anything pops up and I will let you know. I will not know if I can open the school's web page until Monday afternoon when I get there. Do you have any idea why I can't view their web page but I could surf anywhere else?

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Douglas (12-02-2017 16:44:12) Run:1
Running from C:\Users\Douglas\Desktop
Loaded Profiles: Douglas & postgres (Available Profiles: Douglas & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\...\Policies\Explorer: [] 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
Tcpip\..\Interfaces\{041f9fdd-980f-480d-80b2-709b61edf4b5}: [DhcpNameServer] 93.115.31.195 8.8.8.8 8.8.4.4 
CHR Extension: (Chrome Media Router) - C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] 
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X] 
Task: {A025DB2E-7CD9-42F8-966C-7FCC2506A0E7} - \WPD\SqmUpload_S-1-5-21-3878661099-2688434193-2593423560-1002 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dental note.png:3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dental note.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dr 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dr 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dr 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dr 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dr 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Douglas\Desktop\Dr 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{E9507E14-8085-4E5F-B31E-1FAA22259543}] => LPort=49888
FirewallRules: [{E579BAF4-B6FB-478B-B8B7-848ABD74D5B9}] => LPort=5000
FirewallRules: [{177DE8C5-F47A-4632-829F-3B3D248F6B00}] => LPort=50248
FirewallRules: [{3620D8A1-F645-4CD2-BDFA-1B9E3BD62248}] => LPort=50441
FirewallRules: [{4D3EEC01-0B74-4002-9505-6945FB6A8476}] => LPort=5000
CMD: ipconfig /flushDNS
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3878661099-2688434193-2593423560-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{041f9fdd-980f-480d-80b2-709b61edf4b5}\\DhcpNameServer => value removed successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\RSUSBSTOR => key removed successfully
RSUSBSTOR => service removed successfully
HKLM\System\CurrentControlSet\Services\RSUSBVSTOR => key removed successfully
RSUSBVSTOR => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A025DB2E-7CD9-42F8-966C-7FCC2506A0E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A025DB2E-7CD9-42F8-966C-7FCC2506A0E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3878661099-2688434193-2593423560-1002 => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
C:\Users\Douglas\Desktop\Dental note.png => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Douglas\Desktop\Dental note.png => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Douglas\Desktop\Dr 1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Douglas\Desktop\Dr 1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Douglas\Desktop\Dr 2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Douglas\Desktop\Dr 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Douglas\Desktop\Dr 3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Douglas\Desktop\Dr 3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9507E14-8085-4E5F-B31E-1FAA22259543} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E579BAF4-B6FB-478B-B8B7-848ABD74D5B9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{177DE8C5-F47A-4632-829F-3B3D248F6B00} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3620D8A1-F645-4CD2-BDFA-1B9E3BD62248} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D3EEC01-0B74-4002-9505-6945FB6A8476} => value removed successfully

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7790966 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 57371792 B
Edge => 18571966 B
Chrome => 134026052 B
Firefox => 19364139 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3228 B
NetworkService => 4114 B
Douglas => 78144830 B
postgres => 6656 B

RecycleBin => 2321862 B
EmptyTemp: => 302.9 MB temporary data Removed.

================================

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/12/17
Scan Time: 4:47 PM
Logfile: MB Summary Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1221
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DADSLAPTOP\Douglas

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442168
Time Elapsed: 5 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

The system needed a reboot.

==== End of Fixlog 16:44:30 ====

This is the AdwCleaner .txt I ran when you told me to. I will attach the file from the AdwCleaner run I did before I contacted you. I did clean the infected files on this one.

# AdwCleaner v6.043 - Logfile created 12/02/2017 at 17:06:47
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-12.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Douglas - DADSLAPTOP
# Running from : C:\Users\Douglas\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1276 Bytes] - [12/02/2017 13:00:02]
C:\AdwCleaner\AdwCleaner[C2].txt - [822 Bytes] - [12/02/2017 17:06:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [1356 Bytes] - [12/02/2017 12:59:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [1287 Bytes] - [12/02/2017 17:04:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1040 Bytes] ##########

# AdwCleaner v6.043 - Logfile created 12/02/2017 at 13:00:02
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Douglas - DADSLAPTOP
# Running from : C:\Users\Douglas\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Douglas\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1051 Bytes] - [12/02/2017 13:00:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [1356 Bytes] - [12/02/2017 12:59:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1197 Bytes] ##########

This is the eset file.

C:\Users\Douglas\Downloads\ccsetup526.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

Let me know if there is anything else I need to do.

Doug

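One thing worth pulling out of the fix above from a defender's point of view: the fixlist removed a DHCP-assigned `DhcpNameServer` value whose first-listed resolver, 93.115.31.195, is neither a private gateway address nor a well-known public resolver, with 8.8.8.8 and 8.8.4.4 only listed after it. Windows sends queries to the first resolver and only fails over to the others, so whichever server sits first controls every lookup the machine makes; the log alone does not prove that resolver was hostile, but it is the kind of entry that fits both symptoms reported (redirects and one site that will not load). The script below is an added example, not part of this thread, FRST or any of Kevin's tools: it parses FRST-format `Tcpip\..\Interfaces` lines and flags any resolver that is not on the local network or on a small allow-list of public resolvers. The sample lines are constructed (the first mirrors the entry in the Fixlog, the others are made up), and the allow-list and the helper names are assumptions to adapt to your own environment.

```python
import ipaddress
import re

# Matches FRST-style lines such as
#   Tcpip\..\Interfaces\{GUID}: [DhcpNameServer] 93.115.31.195 8.8.8.8 8.8.4.4
# Both the DHCP-assigned (DhcpNameServer) and static (NameServer) variants are captured.
DNS_LINE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}):\s*"
    r"\[(?P<key>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)

# Public resolvers a defender is willing to accept. This is an assumption for the
# example; replace it with the resolvers your own network is supposed to use.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",          # Google
    "1.1.1.1", "1.0.0.1",          # Cloudflare
    "9.9.9.9", "149.112.112.112",  # Quad9
}

# Constructed sample input in the FRST format. The first line mirrors the entry from the
# Fixlog in this thread; the remaining interface GUIDs and addresses are made up.
SAMPLE_LINES = [
    r"Tcpip\..\Interfaces\{041f9fdd-980f-480d-80b2-709b61edf4b5}: [DhcpNameServer] 93.115.31.195 8.8.8.8 8.8.4.4",
    r"Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [DhcpNameServer] 192.168.1.1",
    r"Tcpip\..\Interfaces\{66666666-7777-8888-9999-000000000000}: [NameServer] 1.1.1.1 1.0.0.1",
    r"R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51320 2016-08-22] (Synaptics Incorporated)",
]


def parse_dns_entries(lines):
    """Return one dict per interface line: GUID, registry value name and the ordered resolver list."""
    entries = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # driver, file or other non-resolver line
        servers = []
        for token in m.group("servers").split():
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # ignore anything that is not an IP literal
        entries.append({"interface": m.group("guid"), "key": m.group("key"), "servers": servers})
    return entries


def is_expected_resolver(addr, allowed=KNOWN_PUBLIC_RESOLVERS):
    """True if the resolver is on the local network (RFC 1918, loopback, link-local) or allow-listed."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local or addr in allowed


def flag_unexpected_resolvers(entries, allowed=KNOWN_PUBLIC_RESOLVERS):
    """Return (interface, key, resolver, is_primary) for every resolver outside the expected set.

    is_primary marks the first-listed server: Windows queries it first and only fails over to
    the rest, so an unexpected primary resolver affects every lookup, not just a few.
    """
    findings = []
    for entry in entries:
        for position, server in enumerate(entry["servers"]):
            if not is_expected_resolver(server, allowed):
                findings.append((entry["interface"], entry["key"], server, position == 0))
    return findings


if __name__ == "__main__":
    for iface, key, server, primary in flag_unexpected_resolvers(parse_dns_entries(SAMPLE_LINES)):
        role = "PRIMARY" if primary else "secondary"
        print(f"{iface} [{key}] unexpected {role} resolver: {server}")
```

Run against the sample lines it reports only the first interface, with 93.115.31.195 as the primary resolver; the private gateway and the allow-listed public resolvers pass. A DHCP-assigned resolver that looks like this deserves a second look at whatever handed out the lease (the router or another device on the same LAN), since a clean machine will pick the same setting up again on the next lease if the source is still there.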

Run the following scans and post the produced logs...

Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please re-boot your computer manually.

  • Open Zemana AntiMalware again.
  • Click on the reports icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Scan with HitmanPro

In any case, don't remove anything that HitmanPro detects on your own! This scanner is really good for checking; it has, however, been known to delete files instead of curing them, and in some cases this may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
  • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro! Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.


Please include that logfile in your next reply.

Don't forget to re-enable your security!

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Post those logs, also tell me if there are any remaining issues or concerns. If the issue with multiple tabs opening persists tell me if that affects one specific browser or more than one...

Thank you,

Kevin...

Here are the scans.

Zemana AntiMalware 2.72.2.101 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/2/13
Operating System       : Windows 10 64-bit
Processor              : 4X Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 12CC1C737F9044BFF6BFE2
Scan Type              : System Scan
Duration               : 1m 20s
Scanned Objects        : 86584
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

HP Client Security Manager
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - HP Client Security Manager

Avast Online Security
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\daanglpcpkjjlkhcbladppjphglbigam
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Avast Online Security


Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by Douglas (Administrator) on Tue 02/14/2017 at  0:04:26.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/14/2017 at  0:05:54.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : DADSLAPTOP
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DADSLAPTOP\Douglas
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-13 23:56:33
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 1s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 23

   Objects scanned . . . : 2,144,886
   Files scanned . . . . : 35,328
   Remnants scanned  . . : 369,095 files / 1,740,463 keys

Suspicious files ____________________________________________________________

   C:\Users\Douglas\Desktop\FRST64.exe
      Size . . . . . . . : 2,421,248 bytes
      Age  . . . . . . . : 1.4 days (2017-02-12 14:12:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 11563E8B7DD4A13A707D21E27379415A55F81957CD6AE18548ED1136ECAA2395
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)

Cookies _____________________________________________________________________

   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:8413102.log.optimizely.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.linkedin.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:autodesk.tt.omtrdc.net
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.contentmedialink.com
   C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
   C:\Users\Douglas\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5FVIF8R1.cookie
   C:\Users\Douglas\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8H34L3SE.cookie
   C:\Users\Douglas\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T3F529S5.cookie
   C:\Users\Douglas\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UHM4CZVE.cookie
   C:\Users\Douglas\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZE0CVNX9.cookie


[/code]
Thanks

Doug


Let's go for a clean install of Chrome... If your Chrome bookmarks are important, do this first:


Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and export your bookmarks from Chrome, save to your Desktop or similar. Note: the instructions can also be used to import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Remove all synced data from Chrome, go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\AppData\Local and from that folder delete the folder named Google (you will need to show hidden files/folders to see the AppData folder).

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome:

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install Dr.Web Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help...?
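As an added example (not from this thread, and not Google's code), here is a Python script that does the bookmark-export step of the clean-install procedure above without going through the browser UI. Chrome keeps bookmarks as a JSON file at %LOCALAPPDATA%\Google\Chrome\User Data\Default\Bookmarks, i.e. inside the very Google folder the steps tell you to delete, so the export has to happen first. The script reads that file, writes the Netscape-style HTML that Chrome's bookmark manager imports, and also flattens every stored URL into a list so you can look it over for entries a hijacker added before importing it into the fresh profile. The sample Bookmarks data at the top is constructed for running offline; the profile path is Chrome's default location on Windows, and the chrome-bookmarks.html output name is my choice.

```python
"""Export Chrome's Bookmarks JSON to the Netscape HTML format Chrome imports.

Added example, not code from the thread or from Google.
"""
import html
import json
import os
from pathlib import Path

# Chrome stores date_added as microseconds since 1601-01-01 (WebKit epoch).
WEBKIT_EPOCH_OFFSET = 11644473600  # seconds from 1601-01-01 to 1970-01-01

# Constructed sample in the shape Chrome writes, trimmed to the fields used.
SAMPLE_BOOKMARKS = {
    "version": 1,
    "roots": {
        "bookmark_bar": {
            "type": "folder", "name": "Bookmarks bar",
            "date_added": "13100000000000000",
            "children": [
                {"type": "url", "name": "Malwarebytes Forums",
                 "url": "https://forums.malwarebytes.com/",
                 "date_added": "13100000000000000"},
                {"type": "folder", "name": "School",
                 "date_added": "13100000000000000",
                 "children": [
                     {"type": "url", "name": "School home <test>",
                      "url": "https://www.example.edu/?a=1&b=2",
                      "date_added": "13100000000000000"},
                 ]},
            ],
        },
        "other": {"type": "folder", "name": "Other bookmarks", "children": []},
    },
}


def webkit_to_unix(stamp):
    """Convert Chrome's date_added string to a Unix timestamp (0 if unusable)."""
    try:
        return int(stamp) // 1_000_000 - WEBKIT_EPOCH_OFFSET
    except (TypeError, ValueError):
        return 0


def default_bookmarks_path():
    """Default-profile Bookmarks file on Windows; LOCALAPPDATA is unset elsewhere."""
    base = Path(os.environ.get("LOCALAPPDATA", ""))
    return base / "Google" / "Chrome" / "User Data" / "Default" / "Bookmarks"


def list_urls(data):
    """Flatten every bookmark to (name, url), depth-first, for manual review."""
    found = []

    def walk(node):
        if node.get("type") == "url":
            found.append((node.get("name", ""), node.get("url", "")))
        for child in node.get("children", []):
            walk(child)

    roots = data.get("roots", {})
    for key in ("bookmark_bar", "other", "synced"):
        if key in roots:
            walk(roots[key])
    return found


def render_node(node, depth, out):
    """Emit <DT> lines; folders become <H3> headings with a nested <DL>."""
    indent = "    " * depth
    added = webkit_to_unix(node.get("date_added"))
    name = html.escape(node.get("name", ""))
    if node.get("type") == "folder":
        out.append(f'{indent}<DT><H3 ADD_DATE="{added}">{name}</H3>')
        out.append(f"{indent}<DL><p>")
        for child in node.get("children", []):
            render_node(child, depth + 1, out)
        out.append(f"{indent}</DL><p>")
    elif node.get("type") == "url":
        href = html.escape(node.get("url", ""), quote=True)
        out.append(f'{indent}<DT><A HREF="{href}" ADD_DATE="{added}">{name}</A>')


def bookmarks_to_html(data):
    """Build the Netscape bookmark document from parsed Bookmarks JSON."""
    out = [
        "<!DOCTYPE NETSCAPE-Bookmark-file-1>",
        '<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">',
        "<TITLE>Bookmarks</TITLE>",
        "<H1>Bookmarks</H1>",
        "<DL><p>",
    ]
    roots = data.get("roots", {})
    for key in ("bookmark_bar", "other", "synced"):
        if key in roots:
            render_node(roots[key], 1, out)
    out.append("</DL><p>")
    return "\n".join(out) + "\n"


def export_bookmarks(src, dst):
    """Read Chrome's Bookmarks JSON at src, write the HTML to dst, return count."""
    data = json.loads(Path(src).read_text(encoding="utf-8"))
    Path(dst).write_text(bookmarks_to_html(data), encoding="utf-8")
    return len(list_urls(data))


if __name__ == "__main__":
    src = default_bookmarks_path()
    if src.is_file():
        dst = Path.home() / "Desktop" / "chrome-bookmarks.html"  # output name is mine
        print(f"exported {export_bookmarks(src, dst)} bookmarks to {dst}")
    else:
        # No Chrome profile on this machine: show the constructed sample instead.
        for name, url in list_urls(SAMPLE_BOOKMARKS):
            print(f"{name}\t{url}")
        print(bookmarks_to_html(SAMPLE_BOOKMARKS))
```

Run it before uninstalling Chrome, while the profile folder still exists; the resulting chrome-bookmarks.html on the Desktop is what you import via the bookmark manager after the fresh install. Read through the printed name/URL list first and drop anything you do not recognise rather than carrying it into the clean profile.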

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
