
Suspected hijack of computer + spyware/malware



#1 Arlo1234

Posted 11 January 2016 - 10:11 PM

Hi,

I suspect that my computer has been compromised/hijacked.

I have been having warnings of suspicious activity from my banking and social media sites and my web browser seems slower than usual.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Mike (administrator) on MIKE-PC (11-01-2016 22:00:43)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C3ED939E-67C6-4C3A-98B9-87FBA63EA90C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> {B1610118-99AA-4713-8EAC-100D48AE2214} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.amazon.ca/Organika--Pycnogenol-25-milligrams-tablets/dp/B00CORNSJW/ref=sr_1_3?&ie=UTF8&qid=1439572530&sr=8-3&keywords=pycnogenol
hxxp://neuroangio.org/anatomy-and-variants/anterior-cerebral-artery/
hxxp://www.wikihow.com/Clear-Blood-Clots-Naturally
hxxp://njcc.nl/sites/default/files/pdf/NJCC%2004%20casereport_Heidt_0.pdf
hxxp://www.healthcare-online.org/Hard-Lump-on-Jaw-Line.html
hxxp://www.strokeassociation.org/STROKEORG/AboutStroke/TypesofStroke/TIA/TIA-Transient-Ischemic-Attack_UCM_310942_Article.jsp
hxxp://www.ncbi.nlm.nih.gov/pubmed/18609128
hxxp://www.webmd.com/digestive-disorders/aspartate-aminotransferase-ast
hxxp://www.webmd.com/digestive-disorders/alanine-aminotransferase-alt
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\searchplugins\styleforum.xml [2015-08-20]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\searchplugins\youtube-video-search.xml [2015-08-03]
FF Extension: User Agent Switcher - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-05-28]
FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-31]
FF Extension: Flashblock - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c1jmx44y.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-05] [not signed]
FF HKU\S-1-5-21-3366800280-3059602650-2035242441-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2014-01-13] (Freemake) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Cdr4_2K; C:\Windows\SysWow64\Drivers\Cdr4_2K.sys [52720 2015-05-27] (Adaptec)
S2 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [22585 2015-05-27] (Adaptec) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 22:00 - 2016-01-11 22:01 - 00013833 _____ C:\Users\Mike\Desktop\FRST.txt
2016-01-11 21:59 - 2016-01-11 21:59 - 02370560 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2016-01-11 21:13 - 2016-01-11 21:13 - 00090744 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-11 21:12 - 2016-01-11 21:12 - 00683704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-06 20:36 - 2016-01-11 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 14:32 - 2016-01-11 21:12 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-12-28 14:32 - 2016-01-11 14:04 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-12-20 08:59 - 2016-01-10 21:37 - 00000000 ____D C:\Users\Mike\Desktop\Number (N)ine - Takahiro Miyableepa - The Soloist

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 22:00 - 2015-07-14 20:32 - 00000000 ____D C:\FRST
2016-01-11 22:00 - 2015-03-14 10:26 - 00000000 ____D C:\Users\Mike\Desktop\Misc 3
2016-01-11 21:56 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-11 21:56 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-11 21:17 - 2014-01-06 22:37 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2016-01-11 21:12 - 2014-01-05 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-11 21:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-11 21:07 - 2015-05-29 15:46 - 00000000 ____D C:\Users\Mike\Desktop\CLOTHES
2016-01-11 21:07 - 2015-05-26 05:48 - 00000000 ____D C:\Users\Mike\Desktop\RAF SIMONS 1
2016-01-11 21:03 - 2014-01-22 19:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-11 14:02 - 2014-01-05 18:04 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate
2016-01-11 14:02 - 2014-01-05 18:04 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP Support Assistant
2016-01-10 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-10 21:36 - 2014-01-23 06:21 - 00000000 ____D C:\Users\Mike\Desktop\STUFF FOR SALE
2016-01-10 10:28 - 2015-05-23 09:18 - 00000000 ____D C:\Users\Mike\Desktop\CDG
2016-01-07 22:08 - 2014-01-13 14:52 - 00000000 ____D C:\Users\Mike\Documents\MIKE
2016-01-02 08:45 - 2015-12-05 18:13 - 00000000 ____D C:\Users\Mike\Desktop\Yves Saint Laurent (Hedi Slimane)
2016-01-02 04:03 - 2014-01-22 19:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 04:03 - 2014-01-06 19:50 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 04:03 - 2014-01-06 19:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 10:01 - 2014-01-06 08:25 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-12-30 17:00 - 2015-01-11 07:34 - 00000000 ____D C:\Users\Mike\Desktop\Streetwear FAVES
2015-12-29 07:07 - 2014-01-05 20:40 - 00000000 ____D C:\Users\Mike
2015-12-24 09:39 - 2014-01-10 16:17 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-19 07:15 - 2014-01-29 18:26 - 00000000 ____D C:\Users\Mike\Documents\Calla's Videos
2015-12-19 03:00 - 2015-08-17 18:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-19 03:00 - 2015-04-04 21:47 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2014-01-24 21:56 - 2015-06-22 20:21 - 0000964 _____ () C:\Users\Mike\AppData\Roaming\wklnhst.dat
2014-01-05 19:46 - 2015-07-16 20:52 - 0003259 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-09 00:18

==================== End of FRST.txt ============================
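A first-pass triage of a log like the one above is usually mechanical: find the entries whose version information carries no publisher (the `()` lines), the services and drivers FRST tagged `[File not signed]`, and anything that starts from a user-writable location such as `C:\ProgramData` or `C:\Users`. The script below is an added example written for this thread, not part of FRST and not something the poster or the responder supplied; the sample log is a constructed excerpt of the lines posted above, and the three checks it applies are my own choice of what to surface for a human reviewer, not verdicts of malice.

```python
import re
from dataclasses import dataclass

# FRST section header, e.g. "==================== Services (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Process line: "(Publisher) C:\path\to\file.exe"; publisher may be empty
PROCESS_RE = re.compile(r"^\(([^)]*)\) (.+)$")
# Service/driver line: "R2 Name; C:\path [size date] (Publisher) [optional tag]"
SERVICE_RE = re.compile(
    r"^([RS]\d) ([^;]+); (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^)]*)\)(?: \[(.+)\])?$"
)
# Locations a standard user can write to; a service or process here deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\programdata", "c:\\users")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def _location_finding(section, name, path):
    if path.lower().startswith(USER_WRITABLE_PREFIXES):
        return Finding(section, name, path, "runs from user-writable location")
    return None


def triage_frst(log_text):
    """Walk an FRST.txt and return the entries a reviewer should look at first."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if section.startswith("Processes"):
            m = PROCESS_RE.match(line)
            if not m:
                continue
            vendor, path = m.groups()
            name = path.rsplit("\\", 1)[-1]
            if not vendor:
                findings.append(Finding(section, name, path, "no publisher in version info"))
            loc = _location_finding(section, name, path)
            if loc:
                findings.append(loc)
        elif section.startswith(("Services", "Drivers")):
            m = SERVICE_RE.match(line)
            if not m:
                continue
            _state, name, path, _size, _date, vendor, tag = m.groups()
            if tag and "not signed" in tag.lower():
                findings.append(Finding(section, name, path, "file not digitally signed"))
            if not vendor:
                findings.append(Finding(section, name, path, "no publisher in version info"))
            loc = _location_finding(section, name, path)
            if loc:
                findings.append(loc)
    return findings


# Constructed excerpt of the FRST.txt posted in this thread (not the full log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
==================== Services (Whitelisted) ========================
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2014-01-13] (Freemake) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
===================== Drivers (Whitelisted) ==========================
S2 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [22585 2015-05-27] (Adaptec) [File not signed]
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n    {f.path}")
```

Every hit in the sample is a known OEM or utility component (AMD RAIDXpert, the Freemake updater, HP's LightScribe, an Adaptec CD driver), which is the same conclusion the responder reached by eye; the value of the script is that it makes the list of things to verify explicit, so that an unfamiliar name in the same categories would not be skimmed past.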

#2 shelf life

Posted 16 January 2016 - 02:57 PM

Hi Arlo1234,

At a glance I don't see much to be worried about, some optional things maybe. Is your updated AV and Malwarebytes coming up clean after a scan?

What warnings from your bank/social sites are you seeing?
