Possible Malware, looking to make sure I don't have any.


  • This topic is locked
2 replies to this topic

#1 Vivalas

  • Members
  • 12 posts

Posted 27 November 2015 - 02:52 PM

Referred from this thread: http://www.bleepingcomputer.com/forums/t/597021/think-i-may-have-some-bad-virus/
 
I would honestly like to make sure that there is no malware on my system and have been referred to this area.
 
(Logs)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by Tyr Pett (administrator) on SUPREME-PC (27-11-2015 11:09:24)
Running from C:\Users\Tyr Pett\Downloads
Loaded Profiles: Tyr Pett (Available Profiles: Christina & Tyr Pett)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GTLite.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
( ) C:\Program Files (x86)\BYOND\bin\byond.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Sysinternals - www.sysinternals.com) C:\Users\Tyr Pett\Desktop\Procmon\Procmon.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Sysinternals - www.sysinternals.com) C:\Users\Tyr Pett\AppData\Local\Temp\Procmon64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-913223069-1169545078-680668502-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-913223069-1169545078-680668502-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-913223069-1169545078-680668502-1002\...\MountPoints2: D - "D:\autorun.exe" 
HKU\S-1-5-21-913223069-1169545078-680668502-1002\...\MountPoints2: G - "G:\RZRSETUP.EXE" 
HKU\S-1-5-21-913223069-1169545078-680668502-1002\...\MountPoints2: {73e2e490-ac45-11e4-824f-806e6f6e6963} - "E:\autorun.exe" 
HKU\S-1-5-21-913223069-1169545078-680668502-1002\...\MountPoints2: {8b3c867d-2a34-11e5-8272-acd1b81d757c} - "K:\autorun.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{810423BA-42DD-4B6D-B16E-C0F9BE71C1A4}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{BAD3F2F9-3871-4D69-8C2D-734BB153178E}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-913223069-1169545078-680668502-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-913223069-1169545078-680668502-1002 -> DefaultScope {28C2D800-4FEB-4E20-B0B9-73F6F87622DE} URL = 
SearchScopes: HKU\S-1-5-21-913223069-1169545078-680668502-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US105D20150426&p={searchTerms}
SearchScopes: HKU\S-1-5-21-913223069-1169545078-680668502-1002 -> {EB4B1891-6392-4297-8054-C6E09F5CE86F} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
FF Plugin HKU\S-1-5-21-913223069-1169545078-680668502-1002: @nsroblox.roblox.com/launcher -> C:\Users\Tyr Pett\AppData\Local\Roblox\Versions\version-51d5664488a442be\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-913223069-1169545078-680668502-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Tyr Pett\AppData\Local\Roblox\Versions\version-51d5664488a442be\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_32&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BtDzztA0F0EyB0FzyyCyEzytAtB0B0BtN0D0Tzu0StCtAtCyCtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0F0EyE0E0B0CtGtCyE0D0BtG0FyD0FzztGtCtDyDtCtGzz0EtCyCtDyBzytA0AtByBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0AtCyCyDtDtBtGtBtB0DtDtGyEtC0DyDtG0A0DtCzztGtAyC0EtAtAtDzz0DzyzzyB0F2QtN0A0LzuyE%26cr%3D74646034%26a%3Dwncy_pwrisofs_15_32%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_32&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BtDzztA0F0EyB0FzyyCyEzytAtB0B0BtN0D0Tzu0StCtAtCyCtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0F0EyE0E0B0CtGtCyE0D0BtG0FyD0FzztGtCtDyDtCtGzz0EtCyCtDyBzytA0AtByBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0AtCyCyDtDtBtGtBtB0DtDtGyEtC0DyDtG0A0DtCzztGtAyC0EtAtAtDzz0DzyzzyB0F2QtN0A0LzuyE%26cr%3D74646034%26a%3Dwncy_pwrisofs_15_32%26os%3DWindows%2B8.1"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Google Docs) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (SiteAdvisor) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (GitHub Notifier) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjdlojahmbbcodnpecnjnmlddbkjhnn [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2015-07-07]
CHR Extension: (Gmail) - C:\Users\Tyr Pett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-18]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [46792 2015-06-19] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [114888 2015-10-20] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-29] (EasyAntiCheat Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-13] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-08] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 11:09 - 2015-11-27 11:09 - 00023856 _____ C:\Users\Tyr Pett\Downloads\FRST.txt
2015-11-27 11:07 - 2015-11-27 11:09 - 00000000 ____D C:\FRST
2015-11-27 11:06 - 2015-11-27 11:07 - 02348544 _____ (Farbar) C:\Users\Tyr Pett\Downloads\FRST64.exe
2015-11-27 11:00 - 2015-11-27 11:00 - 00000000 ___RD C:\Users\Tyr Pett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-20 19:27 - 2015-11-23 15:16 - 00000000 ____D C:\Users\Tyr Pett\Desktop\-tg-station-master
2015-11-20 19:22 - 2015-11-20 19:25 - 61097790 _____ C:\Users\Tyr Pett\Downloads\-tg-station-master.zip
2015-11-20 18:34 - 2015-11-20 18:37 - 07435012 _____ C:\Users\Tyr Pett\Desktop\SUPREME-PC.arn
2015-11-20 18:31 - 2015-11-20 18:31 - 00606643 _____ C:\Users\Tyr Pett\Downloads\Autoruns.zip
2015-11-20 18:23 - 2015-11-20 18:24 - 00035548 _____ C:\Users\Tyr Pett\Desktop\MTB.txt
2015-11-20 18:23 - 2015-11-20 18:22 - 00891392 _____ (Farbar) C:\Users\Tyr Pett\Desktop\MiniToolBox.exe
2015-11-20 18:22 - 2015-11-20 18:22 - 00891392 _____ (Farbar) C:\Users\Tyr Pett\Downloads\MiniToolBox.exe
2015-11-19 17:19 - 2015-07-05 04:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-19 17:16 - 2015-11-20 18:32 - 00000000 ____D C:\Users\Tyr Pett\Desktop\Procmon
2015-11-19 17:16 - 2015-11-19 17:16 - 00967601 _____ C:\Users\Tyr Pett\Downloads\ProcessMonitor.zip
2015-11-19 14:12 - 2015-11-19 14:12 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Shark Punch
2015-11-18 13:11 - 2015-11-18 13:11 - 00000000 ____D C:\Users\Christina\AppData\Local\GWX
2015-11-18 13:11 - 2015-11-18 13:11 - 00000000 ____D C:\Users\Christina\AppData\Local\Adobe
2015-11-17 17:09 - 2015-11-17 17:09 - 00000000 ____D C:\Users\Tyr Pett\Documents\Flight Simulator X Files
2015-11-17 17:06 - 2015-11-17 17:06 - 05289984 _____ C:\Users\Tyr Pett\Downloads\msxmlfra.msi
2015-11-17 17:06 - 2015-11-17 17:06 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-11-17 17:05 - 2015-11-17 17:05 - 00786016 _____ (Microsoft Corporation) C:\Users\Tyr Pett\Downloads\msxml4msms.exe
2015-11-17 17:03 - 2015-11-17 17:03 - 00000000 ____D C:\Program Files (x86)\DirectX9
2015-11-17 17:03 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-11-17 17:03 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-11-17 17:03 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-11-17 17:03 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-11-17 17:03 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-11-17 17:03 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-11-17 17:03 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-11-17 17:03 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-11-17 17:03 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-11-17 17:03 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-11-17 17:03 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-11-17 17:03 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-11-17 17:03 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-11-17 17:03 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-11-17 17:03 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-11-17 17:03 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-11-17 17:03 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-11-17 17:03 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-11-17 17:03 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-11-17 17:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-11-17 17:03 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-11-17 17:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-11-16 18:37 - 2015-11-16 18:37 - 00001314 _____ C:\Users\Tyr Pett\Desktop\Microsoft Flight Simulator X.lnk
2015-11-16 17:39 - 2015-11-16 17:43 - 00000000 ____D C:\Users\Tyr Pett\Documents\MSFX
2015-11-16 17:35 - 2015-11-20 17:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-11-15 16:05 - 2015-11-15 16:05 - 00000000 ____D C:\Users\Tyr Pett\AppData\LocalLow\BitTorrent
2015-11-14 16:30 - 2015-11-20 16:55 - 00000000 ____D C:\Users\Tyr Pett\OneDrive
2015-11-14 14:22 - 2015-11-14 14:22 - 00000131 _____ C:\Users\Tyr Pett\.gitconfig
2015-11-13 17:57 - 2015-11-13 17:57 - 00000000 ____D C:\Users\Tyr Pett\Tracing
2015-11-13 17:54 - 2015-11-23 11:56 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\Skype
2015-11-13 17:54 - 2015-11-13 17:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-13 17:54 - 2015-11-13 17:54 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\Skype
2015-11-13 17:54 - 2015-11-13 17:54 - 00000000 ____D C:\ProgramData\Skype
2015-11-13 17:54 - 2015-11-13 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-13 17:52 - 2015-11-13 17:52 - 01504376 _____ (Skype Technologies S.A.) C:\Users\Tyr Pett\Downloads\SkypeSetup.exe
2015-11-13 17:50 - 2015-11-13 17:51 - 23972215 _____ C:\Users\Tyr Pett\Downloads\Work.zip
2015-11-12 09:34 - 2015-11-12 09:34 - 00004038 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-12 09:34 - 2015-11-12 09:34 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-12 09:34 - 2015-11-12 09:34 - 00003228 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-11-12 09:34 - 2015-11-12 09:34 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-12 09:34 - 2015-11-12 09:34 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-10 19:26 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 19:26 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 19:26 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 19:26 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 19:26 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 19:26 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 19:26 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 19:26 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 19:26 - 2015-10-30 16:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-10 19:26 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 19:26 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 19:26 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 19:26 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 19:26 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 19:26 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 19:26 - 2015-10-30 16:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-10 19:26 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 19:26 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 19:26 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 19:26 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 19:26 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 19:26 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 19:26 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 19:26 - 2015-10-20 15:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 19:26 - 2015-10-20 08:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 19:26 - 2015-10-20 08:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 19:26 - 2015-10-20 08:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 19:26 - 2015-10-20 08:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-10 19:26 - 2015-10-20 08:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 19:26 - 2015-10-20 08:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 19:26 - 2015-10-20 08:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 19:26 - 2015-10-20 08:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 19:26 - 2015-10-20 08:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 19:26 - 2015-10-20 08:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 19:26 - 2015-10-20 08:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 19:26 - 2015-10-17 08:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 19:26 - 2015-10-15 10:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 19:26 - 2015-10-15 09:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 19:26 - 2015-10-14 17:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 19:26 - 2015-10-14 17:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-10 19:26 - 2015-10-14 17:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-10 19:26 - 2015-10-14 17:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-10 19:26 - 2015-10-14 17:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-10 19:26 - 2015-10-13 11:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 19:26 - 2015-10-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 19:26 - 2015-10-13 09:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 19:26 - 2015-10-13 09:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 19:26 - 2015-10-13 09:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 19:26 - 2015-10-13 09:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 19:26 - 2015-10-13 09:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-10 19:26 - 2015-10-13 09:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-10 19:26 - 2015-10-11 00:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 19:26 - 2015-10-11 00:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 19:26 - 2015-10-10 12:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 19:26 - 2015-10-10 12:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 19:26 - 2015-10-10 12:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-10 19:26 - 2015-10-10 11:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 19:26 - 2015-10-10 11:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 19:26 - 2015-10-10 11:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-10 19:26 - 2015-10-10 10:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 19:26 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-10 19:26 - 2015-09-29 06:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-10 19:26 - 2015-09-12 07:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-10 19:26 - 2015-09-07 10:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-10 19:26 - 2015-09-07 09:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-10 19:26 - 2015-09-07 09:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-10 19:26 - 2015-09-04 13:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-10 19:26 - 2015-08-28 16:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-10 19:26 - 2015-08-20 14:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-10 19:26 - 2015-08-20 11:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-10 19:26 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-10 19:26 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-10 19:26 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-10 19:26 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:26 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-10 19:26 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-10 19:26 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-10 19:26 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-07 21:55 - 2015-11-07 21:55 - 00002262 _____ C:\Users\Tyr Pett\Desktop\SWAT 4.lnk
2015-11-07 21:55 - 2015-11-07 21:55 - 00002262 _____ C:\Users\Christina\Desktop\SWAT 4.lnk
2015-11-07 21:55 - 2015-11-07 21:55 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2015-11-07 21:55 - 2015-11-07 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2015-11-07 21:52 - 2015-11-07 21:52 - 00000000 ____D C:\Program Files (x86)\Sierra
2015-11-07 21:33 - 2015-11-07 21:56 - 00000000 ____D C:\Users\Tyr Pett\Desktop\PulseCity
2015-11-07 21:22 - 2015-11-07 21:35 - 54991150 _____ C:\Users\Tyr Pett\Downloads\GMStudio-Installer-1.4.1657.exe
2015-11-06 17:56 - 2015-11-25 19:02 - 00000000 ____D C:\Users\Tyr Pett\Desktop\Paradise-master
2015-11-06 17:50 - 2015-11-06 17:52 - 94471680 _____ C:\Users\Tyr Pett\Downloads\Paradise-master (1).zip
2015-11-06 13:14 - 2015-11-06 13:14 - 00001689 _____ C:\Users\Public\Desktop\Door Kickers.lnk
2015-11-06 13:14 - 2015-11-06 13:14 - 00000000 ____D C:\Users\Tyr Pett\Documents\KillHouseGames
2015-11-06 13:14 - 2015-11-06 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Door Kickers [GOG.com]
2015-11-03 17:31 - 2015-11-03 17:31 - 02692308 _____ C:\Users\Tyr Pett\Downloads\Factions-2.8.2.zip
2015-11-03 17:05 - 2015-11-03 17:05 - 20511175 _____ C:\Users\Tyr Pett\Downloads\spigot-1.7.10-R0.1-SNAPSHOTBuild1544.jar
2015-11-03 17:02 - 2015-11-03 17:02 - 01035670 _____ C:\Users\Tyr Pett\Downloads\Essentials (1).zip
2015-11-03 16:59 - 2015-11-03 16:59 - 01583804 _____ C:\Users\Tyr Pett\Downloads\worldedit-bukkit-6.1.jar
2015-11-03 16:43 - 2015-11-03 16:43 - 01035670 _____ C:\Users\Tyr Pett\Downloads\Essentials.zip
2015-11-03 16:39 - 2015-11-03 16:40 - 19556713 _____ C:\Users\Tyr Pett\Downloads\spigot_server.jar
2015-11-03 16:34 - 2015-11-03 16:34 - 08718628 _____ C:\Users\Tyr Pett\Downloads\minecraft_server.1.8.8.exe
2015-11-03 16:34 - 2015-11-03 16:34 - 00000184 _____ C:\Users\Tyr Pett\Downloads\eula.txt
2015-11-03 16:32 - 2015-11-03 17:31 - 00000000 ____D C:\Users\Tyr Pett\Desktop\1.8BUkkit
2015-11-03 16:32 - 2015-11-03 16:32 - 08811998 _____ C:\Users\Tyr Pett\Downloads\minecraft_server.15w44b.jar
2015-11-03 16:31 - 2015-11-03 16:32 - 08322852 _____ C:\Users\Tyr Pett\Downloads\minecraft_server.1.8.8.jar
2015-11-02 17:04 - 2015-11-02 17:06 - 02346253 _____ C:\Users\Tyr Pett\Downloads\forge-1.6.4-9.11.1.1345-installer-win.exe
2015-11-02 16:11 - 2015-11-02 17:05 - 00000000 ____D C:\Users\Tyr Pett\Desktop\TekkitServer
2015-11-02 16:05 - 2015-11-02 16:08 - 84844651 _____ C:\Users\Tyr Pett\Downloads\Tekkit_Server_v1.2.9g.zip
2015-11-02 11:43 - 2015-11-02 11:43 - 00755381 _____ C:\Users\Tyr Pett\Downloads\JABBA_1.1.4.zip
2015-11-02 11:41 - 2015-11-02 11:41 - 01410748 _____ C:\Users\Tyr Pett\Downloads\Minechem-1.6.4-5.0.5.FINAL.jar
2015-11-01 15:31 - 2015-11-01 15:31 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\Sun
2015-11-01 15:31 - 2015-11-01 15:31 - 00000000 ____D C:\Users\Tyr Pett\.oracle_jre_usage
2015-11-01 15:30 - 2015-11-01 15:30 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-01 15:30 - 2015-11-01 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-01 15:30 - 2015-11-01 15:30 - 00000000 ____D C:\Program Files\Java
2015-11-01 15:25 - 2015-11-01 15:25 - 00000000 ____D C:\Users\Tyr Pett\AppData\LocalLow\Oracle
2015-11-01 15:23 - 2015-11-01 15:24 - 56923232 _____ (Oracle Corporation) C:\Users\Tyr Pett\Downloads\jre-8u65-windows-x64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 11:09 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS
2015-11-27 11:05 - 2015-09-30 17:58 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\Adobe
2015-11-27 11:02 - 2015-09-30 18:10 - 00000000 ___RD C:\Users\Tyr Pett\Creative Cloud Files
2015-11-27 11:00 - 2015-03-28 17:19 - 00000000 ____D C:\Users\Tyr Pett\Documents\Bluetooth Folder
2015-11-26 13:47 - 2015-03-28 17:20 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-25 19:01 - 2015-06-13 13:38 - 00000000 ____D C:\Users\Tyr Pett\Documents\BYOND
2015-11-24 16:28 - 2015-04-12 10:05 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\CrashDumps
2015-11-20 21:32 - 2015-03-28 17:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-913223069-1169545078-680668502-1002
2015-11-20 18:08 - 2015-03-28 17:11 - 00000000 ____D C:\Users\Christina
2015-11-20 17:01 - 2015-02-04 02:28 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-20 17:00 - 2015-04-10 15:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-20 16:58 - 2014-03-18 03:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 16:58 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2015-11-20 16:55 - 2015-09-30 18:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-20 16:54 - 2015-07-24 09:31 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\GameTracker
2015-11-20 16:53 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-20 16:41 - 2015-03-28 17:13 - 00000000 ____D C:\Users\Christina\Documents\Bluetooth Folder
2015-11-20 16:35 - 2015-04-06 13:12 - 00000000 ____D C:\Users\Christina\AppData\LocalLow\RbxLogs
2015-11-20 13:29 - 2015-03-28 19:34 - 00000000 ____D C:\ProgramData\WRData
2015-11-20 13:28 - 2015-04-06 13:15 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-913223069-1169545078-680668502-1001
2015-11-20 13:25 - 2015-03-28 17:14 - 00000000 ____D C:\Users\Christina\OneDrive
2015-11-20 11:30 - 2015-05-11 14:04 - 00000000 ____D C:\Users\Christina\AppData\Local\CrashDumps
2015-11-19 17:26 - 2015-06-07 14:44 - 00000000 ____D C:\Users\Tyr Pett\Documents\GitHub
2015-11-19 17:14 - 2015-05-07 17:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 17:11 - 2015-06-07 14:44 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\GitHub
2015-11-19 17:11 - 2015-06-07 14:44 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\GitHub
2015-11-19 12:57 - 2015-04-06 13:13 - 00001370 _____ C:\Users\Christina\Desktop\ROBLOX Player.lnk
2015-11-19 12:57 - 2015-04-06 13:12 - 00001185 _____ C:\Users\Christina\Desktop\ROBLOX Studio.lnk
2015-11-19 12:57 - 2015-04-06 13:12 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-11-19 12:45 - 2015-03-28 17:11 - 00000000 ____D C:\Users\Christina\AppData\Local\Packages
2015-11-19 12:43 - 2015-03-28 17:17 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\Packages
2015-11-19 12:43 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-19 12:43 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\LocalLow\EmieUserList
2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\LocalLow\EmieSiteList
2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\LocalLow\EmieBrowserModeList
2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieUserList
2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieSiteList
2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieBrowserModeList
2015-11-18 13:11 - 2015-03-28 17:12 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Adobe
2015-11-17 17:05 - 2015-04-10 15:58 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\Steam
2015-11-17 16:59 - 2015-03-28 17:17 - 00000000 ____D C:\Users\Tyr Pett
2015-11-17 00:22 - 2015-04-25 13:55 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\BitTorrent
2015-11-15 13:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-11-14 17:55 - 2013-08-22 08:44 - 00371664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 17:53 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-14 17:53 - 2013-08-22 07:25 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-11-14 14:22 - 2015-06-07 14:44 - 00002199 _____ C:\Users\Tyr Pett\Desktop\Git Shell.lnk
2015-11-14 14:22 - 2015-03-28 17:20 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\Deployment
2015-11-12 09:34 - 2015-02-04 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-10 19:35 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-10 19:31 - 2015-03-30 16:17 - 00000000 ____D C:\Windows\system32\MRT
2015-11-10 19:27 - 2015-03-30 16:17 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-10 18:25 - 2015-06-13 13:38 - 00001937 _____ C:\Users\Public\Desktop\BYOND.lnk
2015-11-10 17:48 - 2015-03-28 17:21 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-08 23:53 - 2015-02-04 02:33 - 00000000 ____D C:\Program Files\Dell
2015-11-07 21:55 - 2015-02-04 02:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-07 21:31 - 2015-07-12 15:53 - 00000000 ____D C:\Users\Tyr Pett\Desktop\Battleship_Commander
2015-11-07 21:23 - 2015-03-28 17:17 - 00000000 ____D C:\Users\Tyr Pett\AppData\Local\VirtualStore
2015-11-06 13:13 - 2015-08-08 15:40 - 00000000 ____D C:\GOG Games
2015-11-04 21:11 - 2015-10-19 13:25 - 00001127 _____ C:\Users\Tyr Pett\Desktop\nativelog.txt
2015-11-04 17:48 - 2015-04-26 14:56 - 00000000 ____D C:\Users\Tyr Pett\AppData\Roaming\.minecraft
2015-11-02 18:23 - 2013-08-22 09:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-02 18:23 - 2013-08-22 09:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 15:25 - 2015-04-26 13:29 - 00000000 ____D C:\ProgramData\Oracle
 
==================== Files in the root of some directories =======
 
2015-06-09 13:41 - 2015-06-09 13:41 - 0007599 _____ () C:\Users\Tyr Pett\AppData\Local\Resmon.ResmonCfg
2015-02-04 02:24 - 2015-02-04 02:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-04 02:22 - 2015-02-04 02:23 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-02-04 02:20 - 2015-02-04 02:21 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-02-04 02:21 - 2015-02-04 02:21 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-02-04 02:21 - 2015-02-04 02:22 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-02-04 02:20 - 2015-02-04 02:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\wruninstall.exe
C:\Users\Christina\AppData\Local\Temp\WRupdate1729828.exe
C:\Users\Christina\AppData\Local\Temp\WRupdate1735625.exe
C:\Users\Christina\AppData\Local\Temp\WRupdate393328.exe
C:\Users\Christina\AppData\Local\Temp\WRupdate412921.exe
C:\Users\Tyr Pett\AppData\Local\Temp\fwfo.dll
C:\Users\Tyr Pett\AppData\Local\Temp\Procmon64.exe
C:\Users\Tyr Pett\AppData\Local\Temp\WRFirewallInstall.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-25 04:45
 
==================== End of FRST.txt ============================
 
Mod Edit:  Merged posts - Hamluis.
 
I opened this thread when I found malware RogueJS/Fakecall.d when I did a scan because I noticed my computer was running extremely slow. I know slow computers aren't a sign of malware but I have never had any problems with my computer's performance and don't believe that it is not malware related.



Edited by hamluis, 27 November 2015 - 03:14 PM.



 


#2 nasdaq


  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 November 2015 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-913223069-1169545078-680668502-1002 -> DefaultScope {28C2D800-4FEB-4E20-B0B9-73F6F87622DE} URL =
SearchScopes: HKU\S-1-5-21-913223069-1169545078-680668502-1002 -> {EB4B1891-6392-4297-8054-C6E09F5CE86F} URL =
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_32&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BtDzztA0F0EyB0FzyyCyEzytAtB0B0BtN0D0Tzu0StCtAtCyCtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0F0EyE0E0B0CtGtCyE0D0BtG0FyD0FzztGtCtDyDtCtGzz0EtCyCtDyBzytA0AtByBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0AtCyCyDtDtBtGtBtB0DtDtGyEtC0DyDtG0A0DtCzztGtAyC0EtAtAtDzz0DzyzzyB0F2QtN0A0LzuyE%26cr%3D74646034%26a%3Dwncy_pwrisofs_15_32%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_32&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BtDzztA0F0EyB0FzyyCyEzytAtB0B0BtN0D0Tzu0StCtAtCyCtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0F0EyE0E0B0CtGtCyE0D0BtG0FyD0FzztGtCtDyDtCtGzz0EtCyCtDyBzytA0AtByBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0AtCyCyDtDtBtGtBtB0DtDtGyEtC0DyDtG0A0DtCzztGtAyC0EtAtAtDzz0DzyzzyB0F2QtN0A0LzuyE%26cr%3D74646034%26a%3Dwncy_pwrisofs_15_32%26os%3DWindows%2B8.1"

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Any remaining issues?
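The FRST entries quoted in the log above all share one line format: two timestamps, a size, a five-character attribute field, an optional vendor name in parentheses, then the path. The parser and triage pass below is an added example written for this page; it is not FRST's own code and not something nasdaq posted. It parses a handful of lines copied verbatim from the log above and flags executable files in user-writable locations (Downloads, Temp, Roaming) that carry no vendor tag, which is where a helper reading such a log would look first. The extension list and the path markers are my own choices for the example, and a missing vendor tag only means the file has no CompanyName version resource, so this is a prioritisation hint rather than a verdict; the "digitally signed" checks at the end of the log are the separate, stronger test.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST file entry, as printed in the "One Month Created/Modified" sections:
#   <timestamp> - <timestamp> - <size> <attrs> [(<company>)] <path>
# The company group is optional and must sit directly after the attribute field,
# so parentheses inside the path itself (e.g. "Program Files (x86)") are not
# mistaken for a vendor name.
FRST_LINE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LINES = [
    r"2015-11-13 17:52 - 2015-11-13 17:52 - 01504376 _____ (Skype Technologies S.A.) C:\Users\Tyr Pett\Downloads\SkypeSetup.exe",
    r"2015-11-07 21:22 - 2015-11-07 21:35 - 54991150 _____ C:\Users\Tyr Pett\Downloads\GMStudio-Installer-1.4.1657.exe",
    r"2015-11-10 19:26 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll",
    r"2015-11-13 17:54 - 2015-11-13 17:54 - 00000000 ___RD C:\Program Files (x86)\Skype",
    r"2015-11-03 16:34 - 2015-11-03 16:34 - 08718628 _____ C:\Users\Tyr Pett\Downloads\minecraft_server.1.8.8.exe",
    r"2015-11-18 13:11 - 2015-04-06 13:10 - 00000000 __SHD C:\Users\Christina\AppData\LocalLow\EmieUserList",
    r"2015-02-04 02:24 - 2015-02-04 02:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl",
]

# Extensions and path fragments chosen for this example (assumptions, not FRST settings).
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\roaming\\")


@dataclass
class FrstEntry:
    date1: datetime          # first timestamp; which of created/modified comes first depends on the section
    date2: datetime
    size: int
    attrs: str               # five flag positions, e.g. "____D" directory, "____H" hidden, "__SHD" system+hidden dir
    company: Optional[str]   # vendor from the version resource, or None when FRST printed nothing / "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST file entry; return None for headers, blanks and anything else."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        date1=datetime.strptime(m.group("d1"), "%Y-%m-%d %H:%M"),
        date2=datetime.strptime(m.group("d2"), "%Y-%m-%d %H:%M"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=m.group("company") or None,   # "()" becomes None
        path=m.group("path"),
    )


def needs_review(e: FrstEntry) -> bool:
    """Executable file, in a user-writable location, with no vendor tag: look at it first."""
    if e.is_directory:
        return False
    low = e.path.lower()
    if not low.endswith(EXEC_EXTS):
        return False
    if not any(marker in low for marker in USER_WRITABLE):
        return False
    return e.company is None


def triage(lines: List[str]) -> Tuple[List[FrstEntry], List[str]]:
    """Return all parsed entries and the paths that merit a closer look, in log order."""
    entries = [e for e in map(parse_frst_line, lines) if e is not None]
    return entries, [e.path for e in entries if needs_review(e)]


if __name__ == "__main__":
    parsed, flagged = triage(SAMPLE_LINES)
    print(f"parsed {len(parsed)} entries, {len(flagged)} flagged for review:")
    for p in flagged:
        print("  ", p)
```

Running the block prints the two untagged installers from the Downloads folder and nothing else; the Microsoft DLL is outside user-writable space, the Skype installer carries a vendor name, and the directories and the hidden `.lfl` file are skipped by the extension test.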

#3 nasdaq


  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 December 2015 - 08:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



