  #1  
Old August 23rd, 2016, 04:20 PM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 392
HJT error and potential infection (Checked out - not Malware)

toshiba satellite harman kardon




The CPU usage on this machine has been rendering the machine useless after a few minutes. I needed to restart the computer a few times just to run hjt, upload photos, and post this message. Process Manager drops to very low CPU usage when checked, or sometimes will not even open.

Please help me determine if there is a virus, find the source of this CPU drainage, and to help me permanently disable any background processes that are not necessary, including automatic updates for various programs. Thank you!

There was an error message when running HJT.



Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:56:15 AM, on 8/23/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18377)
CHROME: 52.0.2743.116

Boot mode: Normal

Running processes:
C:\Users\Tess\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tess\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tess\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tess\AppData\Roaming\DVDVideoSoftIEHelper s\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tess\AppData\Roaming\DVDVideoSoftIEHelper s\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8246 bytes


  #2  
Old August 23rd, 2016, 11:36 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 51,631
Hello again Bremang,

The reason HJT showed that error is that you didn't run it as an Admin (right click the file - Run as administrator, which you should always do).

Not seeing anything so far.

Reboot to Safe Mode (at startup tap the F8 key and select Safe Mode with networking).


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"





Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: Your system is 64 bit.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also in your next reply state whether Safe Mode improved things there.
  #3  
Old August 26th, 2016, 12:46 AM
Bremang Bremang is offline
Senior Member
 
Join Date: Oct 2005
Posts: 392
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Tess (administrator) on WILLS (25-08-2016 16:35:49)
Running from C:\Users\Tess\Downloads
Loaded Profiles: Tess (Available Profiles: Tess)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Tess\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\Run: [Spotify Web Helper] => C:\Users\Tess\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-13] (Spotify Ltd)
HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\Run: [Dropbox Update] => C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\Run: [Google Update] => C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\Users\Tess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{35D1411F-00DC-404E-907E-A2CA0B7E7C43}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{EF84B798-6523-4666-8BF3-E41FAFA82805}: [DhcpNameServer] 129.219.17.200 129.219.17.5 129.219.13.81

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U220DHP&pc=U220
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-03] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-03] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3551948184-2426145505-3736589410-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3551948184-2426145505-3736589410-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3551948184-2426145505-3736589410-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tess\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxp://www.google.com/ig"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tess\AppData\Local\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-25]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-18]
CHR Extension: (FastestFox for Chrome) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR Profile: C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ask Toolbar) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-01-22] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-01]
CHR Extension: (Google Drive) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-25]
CHR Extension: (YouTube) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-22]
CHR Extension: (Google Search) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-22]
CHR Extension: (We-Care.com Reminder) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2013-02-22] [UpdateUrl: hxxp://plugin.we-care.com/chrome-updates.xml] <==== ATTENTION
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-22] [UpdateUrl: hxxp://www.dvdvideosoft.com/download/extensions/chrome/dvsYoutubeDownload_updates.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Tess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-22]
StartMenuInternet: Google Chrome - C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 16:35 - 2016-08-25 16:36 - 00016633 _____ C:\Users\Tess\Downloads\FRST.txt
2016-08-25 16:35 - 2016-08-25 16:35 - 02396160 _____ (Farbar) C:\Users\Tess\Downloads\FRST64.exe
2016-08-25 16:35 - 2016-08-25 16:35 - 00000000 ____D C:\FRST
2016-08-25 16:33 - 2016-08-25 16:33 - 00000000 ____D C:\Users\Tess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 07:55 - 2016-08-23 07:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tess\Downloads\HijackThis.exe
2016-08-19 17:58 - 2016-08-19 17:58 - 00174969 _____ C:\Users\Tess\Downloads\720841.pdf
2016-08-13 19:47 - 2016-08-13 19:47 - 01093324 _____ C:\Users\Tess\Downloads\Dine_in_Menu_2013.pdf
2016-08-12 06:35 - 2016-06-10 23:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-12 06:35 - 2016-06-10 21:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-12 06:35 - 2016-06-10 14:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-12 06:35 - 2016-06-10 14:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-12 06:35 - 2016-06-10 14:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-12 06:35 - 2016-06-10 14:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-12 06:35 - 2016-06-10 14:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-12 06:35 - 2016-06-10 14:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-12 06:35 - 2016-06-10 14:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-12 06:35 - 2016-06-10 14:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-12 06:35 - 2016-06-10 14:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-12 06:35 - 2016-06-10 14:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-12 06:35 - 2016-06-10 14:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-12 06:35 - 2016-06-10 14:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-12 06:35 - 2016-06-10 13:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-12 06:35 - 2016-06-10 13:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-12 06:35 - 2016-06-10 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-12 06:35 - 2016-06-10 13:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-12 06:35 - 2016-06-10 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-12 06:35 - 2016-06-10 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-12 06:35 - 2016-06-10 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-12 06:35 - 2016-06-10 13:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-12 06:35 - 2016-06-10 13:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-12 06:35 - 2016-06-10 13:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-12 06:35 - 2016-06-10 13:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-12 06:35 - 2016-06-10 13:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-12 06:35 - 2016-06-10 12:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-12 06:35 - 2016-06-10 12:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-12 06:35 - 2016-06-10 12:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-12 06:35 - 2016-06-10 12:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-12 06:35 - 2016-06-10 11:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-12 06:35 - 2016-06-10 11:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-12 06:35 - 2016-06-10 11:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-12 06:35 - 2016-06-10 11:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-12 06:35 - 2016-06-10 11:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-12 06:35 - 2016-06-10 11:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-12 06:35 - 2016-06-10 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-12 06:35 - 2016-06-10 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-12 06:35 - 2016-06-10 11:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-12 06:35 - 2016-06-10 11:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-12 06:35 - 2016-06-10 11:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-12 06:35 - 2016-06-10 11:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-12 06:35 - 2016-06-10 11:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-12 06:35 - 2016-06-10 11:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-12 06:35 - 2016-06-10 11:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-12 06:35 - 2016-06-10 11:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-12 06:35 - 2016-06-10 11:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-12 06:35 - 2016-06-10 11:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-12 06:35 - 2016-06-10 11:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-12 06:35 - 2016-06-10 11:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-12 06:35 - 2016-06-10 11:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-12 06:35 - 2016-06-10 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-12 06:35 - 2016-06-10 11:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-12 06:35 - 2016-06-10 11:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-12 06:35 - 2016-06-10 11:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-12 06:35 - 2016-06-10 10:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-12 06:35 - 2016-06-10 10:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-12 06:35 - 2016-06-10 10:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-12 06:35 - 2016-06-10 10:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-12 06:34 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-12 06:34 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-12 06:34 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-12 06:34 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-12 06:34 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-08-12 06:34 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-08-12 06:34 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-08-12 06:34 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-08-12 06:34 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-08-12 06:34 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-08-12 06:34 - 2016-06-14 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-12 06:34 - 2016-06-10 14:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-12 06:34 - 2016-06-10 14:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-12 06:34 - 2016-06-10 14:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-12 06:34 - 2016-06-10 14:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-12 06:34 - 2016-06-10 13:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-12 06:34 - 2016-06-10 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-12 06:34 - 2016-06-10 12:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-07 20:23 - 2016-08-07 20:31 - 30533688 _____ C:\Users\Tess\Downloads\vlc-2.2.4-win32.exe
2016-08-04 18:21 - 2016-08-04 18:21 - 00105353 _____ C:\Users\Tess\Downloads\26830716395-537165736-ticket.pdf
2016-08-03 20:54 - 2016-08-03 21:00 - 00000000 ____D C:\Users\Tess\Desktop\Tess August 2016

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 16:33 - 2012-05-14 23:11 - 00000000 ___RD C:\Users\Tess\Dropbox
2016-08-25 16:33 - 2012-05-14 23:03 - 00000000 ____D C:\Users\Tess\AppData\Roaming\Dropbox
2016-08-25 16:29 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-25 16:29 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-25 16:28 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-25 16:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 07:38 - 2015-06-21 10:23 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA.job
2016-08-25 07:15 - 2015-06-12 19:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-23 15:47 - 2015-07-15 14:29 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA.job
2016-08-20 19:48 - 2016-04-14 20:03 - 00007597 _____ C:\Users\Tess\AppData\Local\Resmon.ResmonCfg
2016-08-20 19:47 - 2015-07-15 14:29 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core.job
2016-08-20 19:47 - 2009-07-13 22:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-20 19:45 - 2012-05-21 16:10 - 00000000 ____D C:\Users\Tess\AppData\Local\Spotify
2016-08-20 19:45 - 2012-05-14 23:04 - 00000000 ____D C:\Users\Tess\AppData\Roaming\Spotify
2016-08-20 17:38 - 2015-06-21 10:23 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core.job
2016-08-15 18:37 - 2015-06-01 20:00 - 00000000 ____D C:\Users\Tess\AppData\Roaming\vlc
2016-08-15 17:08 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-14 18:59 - 2015-06-04 12:50 - 00000000 ____D C:\Users\Tess\AppData\Roaming\tixati
2016-08-14 18:40 - 2012-05-14 23:54 - 00000000 ____D C:\Users\Tess\Downloads\movies
2016-08-12 19:55 - 2009-07-13 21:45 - 00408136 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-12 17:31 - 2013-08-14 08:17 - 00000000 ____D C:\Windows\system32\MRT
2016-08-12 17:13 - 2012-05-15 00:10 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 17:52 - 2012-05-14 23:02 - 00002368 _____ C:\Users\Tess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 20:34 - 2012-05-14 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-03 21:10 - 2015-05-27 16:39 - 00000000 ____D C:\Program Files\Java
2016-08-03 21:10 - 2015-01-15 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-03 21:09 - 2016-01-15 17:44 - 00000000 ____D C:\Users\Tess\.oracle_jre_usage
2016-08-03 21:08 - 2015-05-27 16:40 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-07-28 19:42 - 2012-05-14 23:02 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA
2016-07-28 19:42 - 2012-05-14 23:02 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-04-14 20:03 - 2016-08-20 19:48 - 0007597 _____ () C:\Users\Tess\AppData\Local\Resmon.ResmonCfg
2012-05-22 09:38 - 2012-05-22 09:38 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-01-30 00:48 - 2013-01-30 00:48 - 0000256 _____ () C:\ProgramData\lxdu.log
2012-08-03 15:13 - 2012-08-03 15:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-26 19:40

==================== End of FRST.txt ============================
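The FRST output in this thread (FRST.txt above, Addition.txt in the next post) is long, and the lines a reviewer cares about are a small subset. The script below is an added example written for this page; it is not part of the original post and not FRST's own code. It parses the three line shapes that occur in the posted logs (created/modified file entries, CustomCLSID entries, Security Center entries) and flags items for manual review. The rules, the names `triage_line`, `triage` and `Finding`, and the list of "user-writable" prefixes are the example's own assumptions, not FRST semantics. Note that the parenthesised company string on a file line is the file's version-info company name, which FRST of this vintage prints for unsigned files too; it is a hint, not a signature check. The sample lines are copied from the posted logs with the forum's line-wrap spaces removed.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this page; not part of the forum post and not FRST code.
The flagging rules below are the example author's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "<created> - <modified> - <size> <attrs> (<company>) <path>"
# The parenthesised string is the version-info company name, not a signer.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# "CustomCLSID: <regkey> -> <target> => No File"  or  "... -> <target> (<company>)"
CLSID_LINE = re.compile(
    r"^CustomCLSID: (?P<key>\S+) -> (?P<target>.+?)"
    r"(?P<missing> => No File)?(?: \((?P<company>[^)]*)\))?$"
)
# "AV: <product> (Enabled|Disabled - <signature state>) {GUID}"
SECCENTER_LINE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \((?P<state>Enabled|Disabled) - (?P<sigs>[^)]*)\)"
)

EXEC_EXT = (".exe", ".dll", ".pyd", ".sys", ".scr", ".cpl", ".ocx")
# Assumption: default ACLs, so anything under these prefixes is writable by the user.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Finding:
    rule: str
    detail: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None if nothing stands out."""
    m = FILE_LINE.match(line)
    if m:
        path, company = m.group("path"), m.group("company")
        low = path.lower()
        # Executable code in a user-writable location with no company string:
        # worth a look, not a verdict (Dropbox's .pyd files trip this too).
        if low.endswith(EXEC_EXT) and low.startswith(USER_WRITABLE) and not company:
            return Finding("exec-no-company-user-path", path)
        return None
    m = CLSID_LINE.match(line)
    if m and m.group("missing"):
        # Per-user COM registration whose server DLL/EXE no longer exists.
        return Finding("clsid-target-missing", f'{m.group("key")} -> {m.group("target")}')
    m = SECCENTER_LINE.match(line)
    if m and m.group("state") == "Disabled":
        return Finding("security-product-disabled", f'{m.group("kind")}: {m.group("name")}')
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(l.strip()) for l in lines) if f]


# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE = """\
2016-08-12 06:35 - 2016-06-10 13:13 - 00724992 _____ (Microsoft Corporation) C:\\Windows\\system32\\ie4uinit.exe
2016-08-25 16:32 - 2016-07-11 19:07 - 00145864 _____ () C:\\Users\\Tess\\AppData\\Roaming\\Dropbox\\bin\\pyexpat.pyd
2016-04-14 20:03 - 2016-08-20 19:48 - 0007597 _____ () C:\\Users\\Tess\\AppData\\Local\\Resmon.ResmonCfg
CustomCLSID: HKU\\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\\CLSID\\{0F22A205-CFB0-4679-8499-A6F44A80A208}\\InprocServer32 -> C:\\Users\\Tess\\AppData\\Local\\Google\\Update\\1.3.25.5\\psuser_64.dll => No File
CustomCLSID: HKU\\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\\CLSID\\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\\localserver32 -> C:\\Users\\Tess\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe (Dropbox, Inc.)
AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:32} {f.detail}")
```

To run it over a saved log, pass the file's lines instead of `SAMPLE`, e.g. `triage(open("FRST.txt", encoding="utf-8", errors="replace").read().splitlines())`. The output is a review list, not a malware verdict: the Dropbox `.pyd` modules from the log are flagged only because they carry no company string in a user-writable directory, which is exactly the kind of entry a reviewer confirms by hand (known vendor, known path) before moving on.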
#4
August 26th, 2016, 12:48 AM
Bremang
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Tess (25-08-2016 16:37:28)
Running from C:\Users\Tess\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2012-05-15 05:57:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3551948184-2426145505-3736589410-500 - Administrator - Disabled)
Guest (S-1-5-21-3551948184-2426145505-3736589410-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3551948184-2426145505-3736589410-1002 - Limited - Enabled)
Tess (S-1-5-21-3551948184-2426145505-3736589410-1000 - Administrator - Enabled) => C:\Users\Tess

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.0.19.1 (HKLM-x32\...\{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}) (Version: 4.0.19.1 - We-Care.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Citrix Presentation Server Client (HKLM-x32\...\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}) (Version: 10.200.2650 - Citrix Systems, Inc.)
CreaVures (HKLM-x32\...\Steam App 49810) (Version: - Muse Games)
Digsby (HKLM-x32\...\Digsby) (Version: - dotSyntax, LLC)
Dropbox (HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Eets Munchies (HKLM-x32\...\Eets2) (Version: - Klei Entertainment)
Eets Munchies (HKLM-x32\...\Steam App 214550) (Version: - )
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
Foxit Reader (HKLM-x32\...\{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}) (Version: 5.4.3.920 - Foxit Corporation)
Free Studio version 6.5.4.805 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.4.805 - DVDVideoSoft Ltd.)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Google Chrome (HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{0AB0989D-2EBF-4772-830A-B370E0D7ED71}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Offspring Fling! (HKLM-x32\...\Steam App 211360) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
Skype™ 5.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.9.115 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Tixati (HKLM-x32\...\tixati) (Version: - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.33.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Unity Web Player (HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
YOU DON'T KNOW JACK Vol. 1 XL (HKLM-x32\...\Steam App 252730) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tess\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3551948184-2426145505-3736589410-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tess\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2ABBC8D8-DF15-4AEE-8325-9664CD3B39A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core => C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4BF1E434-8F9B-4315-AF70-DF07E1D44682} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA => C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4FC1E933-EA05-421C-80E1-6CF7C0C9A36C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA => C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {6F665BFE-4212-4845-9EC9-349438F07976} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-16] (Adobe Systems Incorporated)
Task: {7034CC83-1368-42C8-8944-362F7D672FDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {88447CA7-80FF-4F33-AA20-FE9071897735} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {994DE3CB-FA8D-4F04-94D1-8BB383B3D77C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A0F4F534-F541-4E96-A3E3-CE5F16C4AE64} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
Task: {B6D539DE-BF2C-468F-A426-BA1655E1CE35} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core => C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {D083BDF5-1EAB-44FD-A63D-FEF6E9F8F055} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D8A5D751-A069-4185-B7C0-EDD6A2DBC128} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core.job => C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA.job => C:\Users\Tess\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000Core.job => C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551948184-2426145505-3736589410-1000UA.job => C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-08 17:52 - 2016-08-02 17:24 - 01771336 _____ () C:\Users\Tess\AppData\Local\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 17:52 - 2016-08-02 17:23 - 00094024 _____ () C:\Users\Tess\AppData\Local\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-12-11 16:28 - 2016-07-11 19:07 - 00035792 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-25 16:32 - 2016-07-11 19:07 - 00145864 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-25 16:32 - 2016-07-11 19:07 - 00019408 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-25 16:32 - 2016-07-11 19:07 - 00116688 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 16:28 - 2016-07-11 19:07 - 00100296 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 16:28 - 2016-07-11 19:07 - 00018888 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 16:28 - 2016-08-23 16:17 - 00019760 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 16:28 - 2016-07-11 19:07 - 00694224 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00020816 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 16:28 - 2016-07-11 19:07 - 00123856 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 01682760 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00020808 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-05 20:22 - 2016-08-23 16:17 - 00021312 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00052024 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00105928 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 20:22 - 2016-08-23 16:17 - 00025424 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00038696 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-08-25 16:32 - 2016-07-11 19:07 - 00392144 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-25 16:32 - 2016-07-11 19:09 - 00020936 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00024528 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00114640 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 16:28 - 2016-08-23 16:17 - 00381752 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00124880 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00024016 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00175560 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00030160 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00043472 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00048592 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00026456 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00057808 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00024016 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00246592 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00028616 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-02-17 21:26 - 2016-08-23 16:17 - 00020800 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-17 21:26 - 2016-08-23 16:17 - 00019776 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-17 21:26 - 2016-08-23 16:17 - 00020800 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2015-12-11 16:28 - 2016-07-11 19:07 - 00144848 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-05 20:22 - 2016-07-11 19:08 - 00241104 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00020280 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 16:28 - 2016-08-23 16:17 - 00023376 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00350152 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-17 21:26 - 2016-08-23 16:17 - 00022352 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00024392 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-25 16:32 - 2016-07-11 19:09 - 00036296 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-25 16:32 - 2016-08-23 16:17 - 00084280 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-25 16:32 - 2016-08-23 16:17 - 01826096 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 16:28 - 2016-07-11 19:07 - 00083912 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 03929392 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 01972016 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00531248 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00132912 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00224056 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00207672 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-05 20:22 - 2016-08-23 16:17 - 00020288 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2015-12-11 16:28 - 2016-07-11 19:09 - 00060880 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 20:22 - 2016-08-23 16:17 - 00024904 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00546096 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00357680 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00168248 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-25 16:32 - 2016-08-23 16:17 - 00042808 _____ () C:\Users\Tess\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-05-27 16:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3551948184-2426145505-3736589410-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tess\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9FC2D62A89100567DB676C09B66483EF => "C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Deskjet 3510 series (NET) => "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN297143RW05R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Tess\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tess\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5D0A9621-E10C-4D8B-93D4-40991DA7BCE0}] => (Allow) C:\Users\Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C69F3447-4517-4E20-8A1C-27774CE489FE}] => (Allow) C:\Users\Tess\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FEB6DDB0-5EA6-491E-8FDD-571369B79040}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CCA7E79D-D50F-4EBE-856A-39F3CC3B4BF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AA80046-4678-4621-B63B-A25B4F491A0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFBE86E7-46EC-4A85-9CAD-E211CD8EC0D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55F110CF-8024-43F9-9204-692F31B68952}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00DB67FC-0BDB-42A1-8301-2C36573EDBDE}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{23E30DB0-3BBD-45E0-BEB0-4A425F9CE6A0}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{8040099B-839D-485B-8625-1C4BC6A442A3}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{289649F4-C072-4610-AF65-0C84ADFBBF8A}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{E99EFA6C-6A30-4647-B82A-96F0B5FDDCC7}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
FirewallRules: [{C35F9C81-1FCA-4A70-818C-A911A9956598}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
FirewallRules: [TCP Query User{DAC8ED5E-FB15-4654-954E-DBA21E266894}C:\users\tess\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tess\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3480501F-2A7E-4FC7-A6AF-669D0EC8DC32}C:\users\tess\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tess\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F9A97E9F-8F23-4DF0-975B-C6251FEC9936}C:\users\tess\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tess\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C9570FDF-C1BF-49EB-822A-3BE2BCE8F44B}C:\users\tess\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tess\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6EB2170F-A210-4511-BFDE-A5F175B7ECAA}C:\program files (x86)\itunes\itunes.exe] => (Allow) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [UDP Query User{4EE77992-3E0D-4B4B-96B1-41432C2E1E4A}C:\program files (x86)\itunes\itunes.exe] => (Allow) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{176BFD39-561E-4B51-A1B1-3BD437260E3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63713293-C1C8-46B7-A6C8-D53F83201312}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8DD7446E-5760-47AB-AC4F-1A96B3DF0B28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\creavures\Creavures.exe
FirewallRules: [{1F37B441-7F0F-4E6F-A346-CFE70CCC44FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\creavures\Creavures.exe
FirewallRules: [{AFC0DD7D-835F-4C0D-8E42-BF1BA0CBD691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\offspring fling!\Offspring Fling.exe
FirewallRules: [{FB3012A3-B7EF-4DF7-8FA5-A69D73A466AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\offspring fling!\Offspring Fling.exe
FirewallRules: [{1AA7C438-B21C-47CF-A7BD-8F5810115430}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{468E2177-262E-4158-ACAD-768DD2FD3C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ.exe
FirewallRules: [{18A80FF2-0B1D-45C4-932E-4B23EB1CCEDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{D916315C-C779-4CCD-B95C-DAC0EB5731B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{2BEDFEBD-04EB-490F-90B2-05B250CD4FAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\eets_munchies\eets2.exe
FirewallRules: [{3A7E7FFC-D21C-4AFF-B97A-6AD8A28C73E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\eets_munchies\eets2.exe
FirewallRules: [TCP Query User{2966CAEF-1C4C-43BA-AAB2-C7AEC711DB4F}C:\users\tess\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\tess\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{2996402B-A29C-4A1F-B9C6-D3B3986DC2B5}C:\users\tess\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\tess\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{86998ECF-0745-4AC6-B89A-C70C52F58456}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{A6DE5D7B-9B9B-48ED-892B-C23C067FF761}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{714E9841-5688-40BF-A8D9-7A42300F3258}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{155137C4-D3EE-40CE-94C7-804F24B0CAEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{C8200D19-CA14-479A-AEF3-1CB5C5BC2FDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{4F25A0C8-7BF4-408B-8B22-51BA65DE2BC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{4D54D2EB-BB4F-4862-980C-27F29A557E4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{F8F5F6B7-23E8-400F-BCD2-E97A864880BF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1359E1EC-5A91-4C7A-B8B4-888FE8CACDC8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{687CF828-4B02-4683-B4A0-2C0382946481}C:\users\tess\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tess\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F043B7B3-A30D-454A-8ECD-7E7025469F5D}C:\users\tess\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tess\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2E35C89F-5E6B-4D9A-8A8E-C4E2D41EC5E9}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{81A0D271-C111-4ADF-87EA-E14323B7E8C4}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{E7D1CCFF-B807-4B0E-B651-B8D19E16F690}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{F3BA6B51-33F0-4F94-BA0C-FFD21355F679}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{85928835-83A5-4694-BBAB-39BB198AFAFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60441728-F815-4384-9799-FF0572E774E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86EBB967-2B37-4B5F-A562-CF54F9281DBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E710E49-A646-4A9C-9A41-511650D6ADB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{358D669E-EFE2-491C-8491-70CB943AC984}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4EE445F4-D7B2-4ACF-B0A4-858AD4BB9662}] => (Allow) C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-06-2016 08:14:20 Windows Update
26-06-2016 18:36:37 Windows Update
30-06-2016 07:49:31 Windows Update
04-07-2016 20:58:06 Windows Update
08-07-2016 18:58:15 Windows Update
13-07-2016 07:06:56 Windows Update
01-08-2016 21:13:20 Windows Update
12-08-2016 17:05:33 Windows Update
21-08-2016 20:12:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2016 04:22:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2016 07:13:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 03:46:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 07:24:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 10:36:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 08:12:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2016 04:43:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2016 05:32:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2016 06:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 08:04:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/25/2016 07:38:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.325.0

Update Source: %NT AUTHORITY59

Update Stage: 4.9.0218.00

Source Path: 4.9.0218.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/25/2016 07:11:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%14 = Not enough storage is available to complete this operation.

Error: (08/23/2016 04:22:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.325.0

Update Source: %NT AUTHORITY59

Update Stage: 4.9.0218.00

Source Path: 4.9.0218.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2016 08:10:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:44:01 PM on ‎8/‎20/‎2016 was unexpected.

Error: (08/20/2016 10:44:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

Error: (08/20/2016 10:44:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

Error: (08/20/2016 10:43:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

Error: (08/20/2016 10:43:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error: (08/20/2016 08:18:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (08/20/2016 04:41:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:42:39 PM on ‎8/‎19/‎2016 was unexpected.


CodeIntegrity:
===================================
Date: 2015-11-14 17:11:20.856
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-14 17:11:20.744
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-27 15:57:17.120
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-27 15:57:17.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-12 13:19:31.166
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-12 13:19:31.119
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-12 13:18:13.733
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-12 13:18:13.686
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 3963.99 MB
Available physical RAM: 1756.17 MB
Total Virtual: 7926.16 MB
Available Virtual: 5893.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454.05 GB) (Free:179.67 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CC4608EA)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=454.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

==================== End of Addition.txt ============================
#5
August 27th, 2016, 12:14 AM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 51,631
Let's check something before we assume malware, though there is at least WeCare garbage there.


Click Start, and in the search box type msconfig

msconfig.exe should appear at the top of that display. Right click that, and select "Run as administrator".

Click the Startup tab, and locate and uncheck any of the following:

Apple (includes iTunes), Spotify, Dropbox or Google or Chrome.

Then click Apply and OK, and allow the Restart. Post back if that changes anything please.
#6
August 27th, 2016, 02:25 AM
Bremang
Senior Member
Join Date: Oct 2005
Posts: 392
I made the changes to startup in MSConfig. Oddly, I had unchecked Google Update and Spotify in the past, and those boxes remained unchecked. However, new Google Update and Spotify items were created and toggled on. I just unchecked the new items today.

I have just restarted the computer, and after the first few minutes the CPU seems to fluctuate, going close to 100% even though I have no programs open.
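When a machine sits near 100% CPU with nothing open, as reported in the post above, the next useful datum is which process is consuming it, and Task Manager on a starved machine is not always in a state to tell you. The PowerShell script below is an added example, not code from this thread or from any tool recommended in it: it snapshots every process's accumulated CPU time, waits, snapshots again, and ranks the difference as a share of total machine capacity. It assumes Windows 7 with PowerShell 2.0 run from an elevated prompt (so that service processes report their path); the sampling window and the number of rows shown are assumed defaults.

```powershell
# Added example (not from the thread): rank processes by CPU consumed during a
# short window. Read-only; nothing is killed or changed.
param(
    [int]$Seconds = 10,   # assumed default sampling window
    [int]$Top = 10        # assumed default number of rows to report
)

function Get-CpuSeconds($proc) {
    # Some protected/system processes refuse access to their timing; treat
    # them as unknown rather than aborting the whole sample.
    try { return $proc.TotalProcessorTime.TotalSeconds } catch { return $null }
}

# Share of *machine* CPU needs the logical core count (a Core 2 Duo has 2).
$cores = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors

# First snapshot: accumulated CPU seconds per process id.
$before = @{}
foreach ($p in Get-Process) {
    $t = Get-CpuSeconds $p
    if ($t -ne $null) { $before[$p.Id] = $t }
}

Start-Sleep -Seconds $Seconds

# Second snapshot: the delta divided by (window * cores) is the fraction of
# total machine CPU that process used while we waited. Processes that started
# or exited during the window are skipped because they have no pair.
$report = foreach ($p in Get-Process) {
    $t = Get-CpuSeconds $p
    if ($t -ne $null -and $before.ContainsKey($p.Id)) {
        New-Object PSObject -Property @{
            Id     = $p.Id
            Name   = $p.ProcessName
            CpuPct = [math]::Round(100 * ($t - $before[$p.Id]) / ($Seconds * $cores), 1)
            Path   = $p.Path   # $null for processes the current user cannot open
        }
    }
}

$report | Sort-Object CpuPct -Descending | Select-Object -First $Top |
    Format-Table Id, Name, CpuPct, Path -AutoSize
```

Run it once before and once after unchecking the startup entries; if the top row is still one of the programs from the MSConfig list, that program is being started by something other than the Run key that was just disabled.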
#7
August 27th, 2016, 07:28 PM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 51,631
There are Tasks for some startups, and they may recreate the startup.


Reboot to Safe Mode with Networking (at startup tap the F8 key and select Safe Mode with Networking).


Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

----------------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.

Agree to the language prompt, and place a check next to:

Install 32 and 64 bits versions (Recommended for Technicians).

Then click Next until you get to the Finish button, and click it. RogueKiller will then open.

Click the Start Scan button, then again the Start Scan button.

When the scan finishes click the Open Report button. Then click the Open TXT button. Save that report to your desktop, and post it back here please. For now just close RogueKiller.
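Jintan's point above, that a scheduled task can recreate a startup entry after it has been unchecked, can be checked directly rather than inferred from the entry coming back. The PowerShell script below is an added example, not code from the thread or from any tool it names. It lists the Run/RunOnce keys, the entries MSConfig parks under its own startupreg key when they are unchecked (the same key the Addition.txt log above reports as "MSCONFIG\startupreg"), the startup items WMI reports, and every scheduled task whose action runs a matching program. It only reads; nothing is disabled or deleted. It assumes Windows 7 with PowerShell 2.0 run as administrator, and the name filter (Google, Spotify, Dropbox, Apple, iTunes) is an assumption taken from the programs named in this thread.

```powershell
# Added example (not from the thread): find every place a program can put
# itself back into startup. Read-only. Windows 7 / PowerShell 2.0, run elevated.
$Filter = 'Google|Spotify|Dropbox|Apple|iTunes'   # assumed; adjust to taste

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

"== Registry Run/RunOnce values =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty $key
    # Get-ItemProperty adds PS* bookkeeping properties; skip those.
    foreach ($v in $values.PSObject.Properties) {
        if ($v.Name -notmatch '^PS' -and "$($v.Name) $($v.Value)" -match $Filter) {
            "{0}\{1} = {2}" -f $key, $v.Name, $v.Value
        }
    }
}

"== Entries unchecked in MSConfig (parked, not removed) =="
$parked = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $parked) {
    foreach ($sub in Get-ChildItem $parked) {
        $cmd = (Get-ItemProperty $sub.PSPath).command
        if ("$($sub.PSChildName) $cmd" -match $Filter) {
            "{0} => {1}" -f $sub.PSChildName, $cmd
        }
    }
}

"== Startup folders and Run keys as WMI sees them =="
Get-WmiObject Win32_StartupCommand |
    Where-Object { "$($_.Name) $($_.Command)" -match $Filter } |
    ForEach-Object { "{0} [{1}] => {2}" -f $_.Name, $_.Location, $_.Command }

"== Scheduled tasks whose action runs a matching program =="
# schtasks.exe ships with Windows 7; the ScheduledTasks module does not.
# Verbose CSV output repeats its header row per task folder, so drop those.
schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match $Filter } |
    Select-Object TaskName, 'Scheduled Task State', 'Schedule Type', 'Next Run Time', 'Task To Run' |
    Format-Table -AutoSize
```

A task in the last section whose state is Enabled and whose action is the same executable as a parked MSConfig entry explains why the entry reappears: the task launches the program, and the program re-registers its own Run value. The column names in the schtasks section are those of an English Windows install.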
#8
August 28th, 2016, 12:26 AM
Bremang
Senior Member
Join Date: Oct 2005
Posts: 392
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-27 16:23:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK5055GSX rev.FG001M 465.76GB
Running: vh9fdwvp.exe; Driver: C:\Users\Tess\AppData\Local\Temp\kxldqpod.sys


---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{35d1411f-00dc-404e-907e-a2ca0b7e7c43}@Dhcpv6MaxLeaseExpireTime 1472339922
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{35d1411f-00dc-404e-907e-a2ca0b7e7c43}@Dhcpv6LeaseObtainedTime 1472339862

---- EOF - GMER 2.2 ----
#9
August 28th, 2016, 02:43 AM
Bremang
Senior Member
Join Date: Oct 2005
Posts: 392
RogueKiller V12.5.1.0 (x64) [Aug 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Tess [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/27/2016 16:32:15 (Duration : 00:29:53)

Processes : 1
[Proc.Injected] vh9fdwvp.exe(272) -- C:\Users\Tess\Desktop\vh9fdwvp.exe[-] -> Found

Registry : 4
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kxldqpod (\??\C:\Users\Tess\AppData\Local\Temp\kxldqpod.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kxldqpod (\??\C:\Users\Tess\AppData\Local\Temp\kxldqpod.sys) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3551948184-2426145505-3736589410-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3551948184-2426145505-3736589410-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 0 (Driver: Not loaded [0xc000035f])

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++
--- User ---
[MBR] f8163e5ca073bfb068314c2c0830d6dd
[BSP] 6050707484104a60a43177e6ad55a774 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 464951 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955293696 | Size: 10488 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#10
August 28th, 2016, 10:21 PM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 51,631
Rogue Killer basically found Gmer, which found little.

Right click Computer, left click Manage. Click Device Manager - Display Adapters. What shows there for your graphics program please?
#11
August 29th, 2016, 05:46 PM
Bremang
Senior Member
Join Date: Oct 2005
Posts: 392
Mobile Intel(R) 4 Series Express Chipset Family
#12
August 29th, 2016, 11:05 PM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 51,631
Again, right click Computer, left click Manage. Click Device Manager - Display Adapters.

Right click Mobile Intel(R) 4 Series Express Chipset Family, then click Uninstall. DO NOT place a check in the box to delete the "Delete driver software" option.

Then close everything, and reboot. Windows will find the display adapter on bootup and reinstall the driver. Post back on whether that changed anything.

You may need to reboot one more time after the driver is installed.
#13
August 30th, 2016, 03:22 AM
Bremang
Senior Member
Join Date: Oct 2005
Posts: 392
Driver Software Installation stalled for a while and then failed to install Mobile Intel(R) 4 Series Express Chipset Family. CPU still running 60-100% at all times.
#14
August 30th, 2016, 10:54 PM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 51,631
Go here, and put in your model number.

Then under "Filter By:", click on Display, and download the Mobile Intel(R) 4 Series Express Chipset option, and then install it, and reboot after. Post an update please.
#15
August 31st, 2016, 03:26 AM
Bremang
Senior Member
Join Date: Oct 2005
Posts: 392
In the previous post I had uninstalled the driver, and it would not reinstall automatically. Since then I had turned my computer off. I just turned it on again and the driver has returned. Should I start over and use the link this time, or was the uninstall and reinstall successful due to the reboot?