Google Chrome hijacked

I cannot log into Google through Chrome. When I click on the login button I am redirected to this link: https://adfs.orangeu...le.com%2F&hl=en

I have run Malware Bytes and tdsskiller and the problem still exists.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016

Ran by Cathy (administrator) on CATHY-PC (17-09-2016 20:24:20)

Running from C:\Users\Cathy\Desktop

Loaded Profiles: Cathy (Available Profiles: Cathy)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-11-30]

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-12]

ShortcutTarget: Dropbox.lnk -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

Tcpip\..\Interfaces\{7749AC6C-7C22-46AC-A870-B51B45DEC1C6}: [NameServer] 208.67.222.222,208.67.220.220

Tcpip\..\Interfaces\{7749AC6C-7C22-46AC-A870-B51B45DEC1C6}: [DhcpNameServer] 172.16.0.1

Tcpip\..\Interfaces\{8B6F7FB7-750F-4D7D-B32D-32EC8839127A}: [DhcpNameServer] 172.16.0.1

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP

SearchScopes: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000 -> {F687E75B-9860-4B3E-9B26-A1C98E2AD1B6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-11-30] (LastPass)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)

BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-11-30] (LastPass)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-11-30] (LastPass)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-11-30] (LastPass)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:

========

FF ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\0k7rwdi6.default

FF DefaultSearchEngine: Yahoo

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Yahoo

FF Homepage: hxxp://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP

FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-17] ()

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-30] (LastPass)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-17] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-30] (LastPass)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://www.msn.com/en-us/?pc=__PARAM__&ocid=__PARAM__DHP

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File

CHR Profile: C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default [2016-09-17]

CHR Extension: (Google Translate) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-22]

CHR Extension: (Google Docs) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]

CHR Extension: (Google Drive) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]

CHR Extension: (YouTube) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]

CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-10-03]

CHR Extension: (Add to Amazon Wish List) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-06-05]

CHR Extension: (Google Search) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]

CHR Extension: (Google Docs Offline) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]

CHR Extension: (Pinterest Save Button) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-20]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-17]

CHR Extension: (StumbleUpon) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-02-28]

CHR Extension: (Toothless) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmoddhicigmjbldpdglkhalagjjiinnl [2015-07-05]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

CHR Extension: (Gmail) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

CHR Extension: (Google Similar Pages) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2014-04-10]

CHR Extension: (Chrome Media Router) - C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]

CHR HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]

R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-16] (Alcatel-Lucent) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-17] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-17 20:24 - 2016-09-17 20:24 - 00019478 _____ C:\Users\Cathy\Desktop\FRST.txt

2016-09-17 20:23 - 2016-09-17 20:24 - 00000000 ____D C:\FRST

2016-09-17 20:22 - 2016-09-17 20:22 - 02399232 _____ (Farbar) C:\Users\Cathy\Desktop\FRST64.exe

2016-09-17 19:52 - 2016-09-17 19:53 - 00193696 _____ C:\TDSSKiller.3.0.0.40_17.09.2016_19.52.10_log.txt

2016-09-17 19:52 - 2016-09-17 19:52 - 04656735 _____ C:\Users\Cathy\Downloads\tdsskiller.zip

2016-09-16 23:22 - 2016-07-07 08:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2016-09-16 23:22 - 2016-07-07 08:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2016-09-16 23:22 - 2016-07-07 08:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2016-09-16 23:22 - 2016-07-07 08:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2016-09-16 23:22 - 2016-07-01 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2016-09-16 23:22 - 2016-07-01 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2016-09-16 23:22 - 2016-07-01 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2016-09-16 23:22 - 2016-07-01 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2016-09-16 23:22 - 2016-07-01 07:56 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2016-09-16 23:22 - 2016-07-01 07:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2016-09-16 23:22 - 2016-07-01 07:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-17 20:16 - 2013-05-13 18:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-09-17 19:53 - 2013-05-14 19:30 - 00000000 ____D C:\Users\Cathy\AppData\Roaming\Skype

2016-09-17 19:45 - 2013-10-22 01:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-09-17 16:18 - 2014-04-13 15:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-09-17 14:16 - 2009-07-13 21:45 - 00032656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-09-17 14:16 - 2009-07-13 21:45 - 00032656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-09-17 13:45 - 2013-10-22 01:19 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-09-17 13:45 - 2013-10-22 01:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-09-17 13:45 - 2013-10-22 01:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-09-17 13:45 - 2013-10-22 01:19 - 00000000 ____D C:\Windows\system32\Macromed

2016-09-17 13:45 - 2013-07-11 21:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2016-09-17 13:32 - 2013-05-13 18:34 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-09-17 13:32 - 2013-05-13 18:34 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-09-17 13:16 - 2013-05-13 18:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-09-17 12:32 - 2015-10-13 20:39 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily

2016-09-17 12:32 - 2013-05-09 18:41 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job

2016-09-17 12:32 - 2013-05-09 18:41 - 00000216 _____ C:\Windows\Tasks\AutoKMS.job

2016-09-17 12:32 - 2013-05-09 18:40 - 00151552 _____ C:\Windows\KMSEmulator.exe

2016-09-17 12:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-09-16 23:20 - 2014-12-25 12:04 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-09-16 23:13 - 2016-08-06 14:12 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-09-16 23:13 - 2013-05-14 19:29 - 00000000 ____D C:\ProgramData\Skype

2016-09-16 23:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF

2016-09-16 22:58 - 2013-05-09 13:45 - 00000000 ____D C:\Users\Cathy

2016-08-24 14:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2016-08-21 12:51 - 2016-06-03 13:23 - 00000000 ____D C:\Users\Cathy\AppData\Local\Battle.net

2016-08-21 12:31 - 2016-06-03 16:02 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2016-08-21 12:28 - 2016-06-03 13:19 - 00000000 ____D C:\Program Files (x86)\Battle.net

==================== Files in the root of some directories =======

2015-09-28 20:34 - 2015-09-28 20:34 - 6420480 _____ () C:\Program Files (x86)\GUT45A8.tmp

2013-11-30 21:57 - 2013-11-30 21:57 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

2015-01-06 20:22 - 2015-01-26 19:48 - 0000139 _____ () C:\Users\Cathy\AppData\Roaming\GeneralSetting.xml

2015-01-06 20:21 - 2015-01-26 19:47 - 0000017 _____ () C:\Users\Cathy\AppData\Roaming\LocationSetting.xml

2015-03-18 17:53 - 2015-03-18 17:54 - 0000000 _____ () C:\Users\Cathy\AppData\Local\{8E2B39CF-8F3C-4EC1-BD83-2721345082F5}

Some files in TEMP:

====================

C:\Users\Cathy\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Cathy\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Cathy\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-17 14:09

==================== End of FRST.txt ============================

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016

Ran by Cathy (17-09-2016 20:25:07)

Running from C:\Users\Cathy\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2013-05-09 20:45:27)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1743566053-3647319215-1998572205-500 - Administrator - Disabled)

Cathy (S-1-5-21-1743566053-3647319215-1998572205-1000 - Administrator - Enabled) => C:\Users\Cathy

Guest (S-1-5-21-1743566053-3647319215-1998572205-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1743566053-3647319215-1998572205-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}

AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)

ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version: - )

Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)

Dropbox (HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)

PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)

Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)

The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Windows Driver Package - Ricoh Company MS Host Controller (04/27/2010 6.13.03.03) (HKLM\...\329BC6C693EDBAE5D333838328DDCBF99FE39773) (Version: 04/27/2010 6.13.03.03 - Ricoh Company)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1743566053-3647319215-1998572205-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16128446-235D-4B5A-9BA0-1EB4F92099D9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-05-09] ()

Task: {20A9F615-851B-47C8-806A-943EE58BC7B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

Task: {2E2B1A4A-39AE-43EA-93E5-7711B308479F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)

Task: {69BB956D-669E-49DA-8EC6-63909386E23B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)

Task: {7697C363-E4EE-4376-9843-9F812B20EF98} - System32\Tasks\{985D68C1-8529-4D91-B349-B50C8EED36E6} => pcalua.exe -a D:\autorun.exe -d D:\

Task: {77D7DAB7-DCCB-4560-849D-AEC04DD8A2E4} - System32\Tasks\{26EEDFD6-69BB-48D9-AD91-0C0680CB6542} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly

Task: {9B3EEF09-3B41-40D2-B886-99707E3F5956} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)

Task: {9DDF0487-EF14-449D-831C-465DEBCDCD87} - System32\Tasks\{910F9FE4-CCA7-43EB-A0D8-811BADA3B4FE} => pcalua.exe -a C:\Users\Cathy\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION

Task: {A45E9C1F-5214-46BF-8136-5D0BA109B6E1} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-05-09] ()

Task: {A9E237FF-3A27-4E67-AEBB-B66971207EBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-17] (Adobe Systems Incorporated)

Task: {E29D51DF-A051-4638-B22F-6FAC5FD35B53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)

Task: {E76FC081-0051-47C0-AEC4-1F20AE7A577A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-10-08 18:04 - 2012-10-08 18:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2016-09-17 13:31 - 2016-09-13 17:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll

2016-09-17 13:31 - 2016-09-13 17:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-11-09 17:52 - 00000031 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1743566053-3647319215-1998572205-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 208.67.222.222 - 208.67.220.220

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{735DC1EC-E811-4DD8-89D5-7E8EFDBBF44C}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [UDP Query User{F0D690B2-A722-4C9E-9A8D-C633CB131F5E}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [{C83D1781-B316-426F-B22A-460C2BF7D982}] => (Allow) C:\Program Files (x86)\ATT-HSI\pcBrowser.exe

FirewallRules: [{C106514C-B5FE-4CB9-830A-D53BB9357891}] => (Allow) C:\Program Files (x86)\ATT-HSI\pcBrowser.exe

FirewallRules: [{895F3EA4-F8DF-4A8F-BDE2-36E480CACA1E}] => (Allow) C:\Program Files (x86)\ATT-HSI\pcBrowser.exe

FirewallRules: [{465C6AB4-1933-421F-BD3A-7E1D03BBE58F}] => (Allow) C:\Program Files (x86)\ATT-HSI\pcBrowser.exe

FirewallRules: [{F6F27FF5-76FD-4AE3-899E-E11CAD1837AE}] => (Allow) LPort=5353

FirewallRules: [TCP Query User{F4EE6341-E972-4834-95A5-F5A87176EA29}C:\users\cathy\appdata\local\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Allow) C:\users\cathy\appdata\local\amicas\v6cdviewer\privatejre\bin\armiregistry.exe

FirewallRules: [UDP Query User{88CB68E4-35BE-4502-81CC-442F82B8E9E0}C:\users\cathy\appdata\local\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Allow) C:\users\cathy\appdata\local\amicas\v6cdviewer\privatejre\bin\armiregistry.exe

FirewallRules: [TCP Query User{315EB4AC-A04B-4087-ABA3-3A0A0DA77569}C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\aviewer.exe] => (Allow) C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\aviewer.exe

FirewallRules: [UDP Query User{76979D56-D6B6-4AB6-9E72-35E56D171576}C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\aviewer.exe] => (Allow) C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\aviewer.exe

FirewallRules: [TCP Query User{9AF938FF-9BED-41C6-A5A5-6F4A7C23CB0D}C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Allow) C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\astudycachemgr.exe

FirewallRules: [UDP Query User{87A807A2-42CC-48E7-B3FA-A34CF8BA224F}C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Allow) C:\users\cathy\appdata\local\amicas\v6cdviewer\bin\astudycachemgr.exe

FirewallRules: [{F4D81495-7EA9-445E-9A95-C6120293CD35}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{C3D79956-DEFF-491D-8D7F-7462313679F6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

FirewallRules: [UDP Query User{5C70F760-1CD4-479E-BAFD-417F59CE7E21}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

FirewallRules: [{AD277F47-71A9-44A9-BD02-29ADB0F6F648}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-08-2016 14:50:30 Scheduled Checkpoint

16-09-2016 23:22:34 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/17/2016 12:31:53 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/16/2016 11:47:28 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (09/16/2016 11:07:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (09/16/2016 10:59:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (08/24/2016 07:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (08/21/2016 12:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (08/11/2016 10:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (08/08/2016 02:40:25 AM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (08/06/2016 02:09:27 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (08/05/2016 08:32:43 PM) (Source: WinMgmt) (EventID: 10) (User: )

System errors:

=============

Error: (09/16/2016 11:54:19 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer CB-CATHY-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B6F7FB7-750F-4D7D-B32D-32EC8839127A}.

The master browser is stopping or an election is being forced.

Error: (09/16/2016 11:42:21 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer CB-CATHY-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B6F7FB7-750F-4D7D-B32D-32EC8839127A}.

The master browser is stopping or an election is being forced.

Error: (09/16/2016 11:32:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.307.0

Update Source: Microsoft Update Server

Update Stage: Download

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/16/2016 11:32:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.307.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/16/2016 11:32:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.307.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/16/2016 11:18:20 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer CB-CATHY-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B6F7FB7-750F-4D7D-B32D-32EC8839127A}.

The master browser is stopping or an election is being forced.

Error: (09/16/2016 11:07:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 116.22.0.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: Network Inspection System

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 2.1.12706.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (09/16/2016 11:07:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.266.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (09/16/2016 11:07:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.266.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft....5D-99752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (09/16/2016 11:07:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.227.266.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13000.0

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:

===================================

Date: 2015-08-19 19:27:10.866

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-19 19:27:10.858

Date: 2015-08-19 19:27:10.850

Date: 2015-08-19 19:27:10.840

Date: 2015-08-19 19:27:10.804

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-19 19:27:10.794

Date: 2015-08-19 19:27:10.785

Date: 2015-08-19 19:27:10.775

Date: 2015-08-19 19:27:10.649

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-19 19:27:10.632

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz

Percentage of memory in use: 55%

Total physical RAM: 3950.1 MB

Available physical RAM: 1738.87 MB

Total Virtual: 7898.38 MB

Available Virtual: 5290.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:20.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 77C79504)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,144 views	wayneman50 17 Aug 2023
Answered Software → Web Browsers and Email → Delay in "Save As" prompt in Chrome Started by Solice93 , 23 Jan 2022 Chrome, browser, google chrome and 1 more...	12 replies 2,037 views	Solice93 26 Jan 2022
Security → Virus, Spyware, Malware Removal → Laptop hangs often [Solved] Started by Hari Prahlad , 08 Mar 2021 Firefox, Chrome, Kaspersky and 1 more... 1 2 3	Hot 33 replies 9,543 views	DR M 17 Mar 2021
Security → Virus, Spyware, Malware Removal → Google Chrome keeps getting the default search set to Yahoo [Closed] Started by rocket-ron , 02 Oct 2020 chrome, changed default search and 1 more...	5 replies 2,819 views	Gary R 10 Oct 2020
Operating Systems → Google Android → EM2location Started by Parannoya , 22 Aug 2020 Android, Google, Youtube, Twitter and 2 more...	1 reply 17,083 views	zep516 22 Aug 2020

#1
Valeria

Posted 17 September 2016 - 09:52 PM

Advertisements

#2
Valeria

Posted 18 September 2016 - 09:18 PM

Similar Topics

Also tagged with one or more of these keywords: Google, Chrome, login

HP desktop - google.com is in Norwegian [Solved]

Delay in "Save As" prompt in Chrome

Laptop hangs often [Solved]

Google Chrome keeps getting the default search set to Yahoo [Closed]

EM2location

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Google Chrome hijacked

#1 Valeria Posted 17 September 2016 - 09:52 PM

Advertisements

#2 Valeria Posted 18 September 2016 - 09:18 PM

Similar Topics

Also tagged with one or more of these keywords: Google, Chrome, login

0 user(s) are reading this topic

As Featured On:

Connect With Us

Sign In

#1
Valeria

Posted 17 September 2016 - 09:52 PM

#2
Valeria

Posted 18 September 2016 - 09:18 PM