ComboFix Log


  • This topic is locked
9 replies to this topic

#1 Corey1690

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:10 PM

Posted 22 April 2016 - 09:16 PM

Hello and thank you for your time! 

I am a longtime browser of BleepingComputer but this is one of the few times I've ever created a post so bear with me.



Just recently, I noticed some funny business going on with my computer after connecting to a Steam "friend"'s server from an Early Access game. I can't be certain that this was the culprit, but at one point, these folks convinced me to forward a port which I cannot remember, some year or so ago. Ever since, my network has been doing suspicious things, and my computer itself seems to be running slower and slower as time goes on. It took a long time for me to clue in that something was going on here, but eventually I ran a few free antivirus programs, namely Spybot, TDSSKiller, etc., and removed some things that didn't seem to raise too many alarms in my mind: some adware here and there from movie streaming and whatnot.

However, what caused me the most alarm was that I noticed when I went into the Spybot settings, under "Scope", I was given the option to scan any inactive/external systems. When I clicked "show currently loaded hives", it listed a "PE_C_Public" network, followed by some user: "S-1-5-21-726371531-3410083644-3767233514-500". These were visible in the HKEY_USERS tab, but I was unable to actually access the keys to the PE_C_Public due to access issues? Strange, since I am Admin. What's stranger is that sometimes this loaded drive disappears, only to come back again. I ran ComboFix a couple of times to be sure, but I can't seem to make out the log; all I know is that there are many registry keys locked.

My question is, could one of you kind folks analyze my log and tell me if there is anything remaining that I should be concerned about?  Thanks!

Edit: I can't seem to attach the ComboFix txt, so I will list it here for you:

ComboFix 16-04-13.01 - Allan 04/21/2016   6:48.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16361.12527 [GMT -4:00]
Running from: c:\users\Allan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-21 to 2016-04-21  )))))))))))))))))))))))))))))))
.
.
2016-04-21 10:51 . 2016-04-21 10:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-04-21 10:51 . 2016-04-21 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-21 10:51 . 2016-04-21 10:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-21 03:48 . 2016-04-21 03:48 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA0147BC-3773-4EDD-9CB5-494E1C9E8052}\offreg.140.dll
2016-04-20 10:34 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA0147BC-3773-4EDD-9CB5-494E1C9E8052}\mpengine.dll
2016-04-20 06:37 . 2016-04-20 06:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-04-19 07:35 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-04-15 07:34 . 2016-02-27 10:10 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{045ABA8E-A9A3-43E7-8827-4C870C7EDE77}\gapaengine.dll
2016-04-06 01:52 . 2016-04-06 01:52 -------- d-----w- c:\users\Allan\AppData\Local\SKIDROW
2016-04-06 01:50 . 2016-04-06 01:50 -------- d-----w- c:\users\Allan\AppData\Roaming\Sins of a Solar Empire - Rebellion
2016-03-29 21:24 . 2016-03-21 20:01 56384 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-03-29 21:24 . 2016-03-21 20:01 109632 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-03-29 21:24 . 2016-03-21 20:01 100416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 04:44 . 2012-05-20 07:15 380 ----a-w- c:\users\Allan\AppData\Roaming\sp_data.sys
2016-04-20 06:37 . 2015-04-23 06:53 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-13 23:45 . 2011-10-16 06:10 453280 ------w- c:\windows\system32\MpSigStub.exe
2016-04-13 07:02 . 2011-10-17 04:26 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-07 23:02 . 2012-04-13 22:58 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-07 23:02 . 2011-10-24 01:17 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-30 01:06 . 2015-07-31 19:09 1373680 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-03-30 01:06 . 2015-07-31 19:09 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-03-30 01:05 . 2016-03-17 05:26 112216 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-03-30 01:05 . 2015-07-31 19:09 1767248 ----a-w- c:\windows\system32\nvspcap64.dll
2016-03-30 01:05 . 2015-07-31 19:09 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-03-17 22:24 . 2016-04-12 19:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-08 10:07 . 2016-03-17 05:32 39240 ----a-w- c:\windows\system32\nvhdap64.dll
2016-03-08 10:07 . 2016-03-17 05:32 205456 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2016-03-08 10:07 . 2016-03-17 05:32 16439328 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-03-08 10:07 . 2016-03-17 05:32 956984 ----a-w- c:\windows\system32\NvFBC64.dll
2016-03-08 10:07 . 2016-03-17 05:32 886840 ----a-w- c:\windows\system32\NvIFR64.dll
2016-03-08 10:07 . 2016-03-17 05:32 8658120 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2016-03-08 10:07 . 2016-03-17 05:32 749504 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-03-08 10:07 . 2016-03-17 05:32 693816 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-03-08 10:07 . 2016-03-17 05:32 678520 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2016-03-08 10:07 . 2016-03-17 05:32 571912 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-03-08 10:07 . 2016-03-17 05:32 42968120 ----a-w- c:\windows\system32\nvcompiler.dll
2016-03-08 10:07 . 2016-03-17 05:32 37609528 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-03-08 10:07 . 2016-03-17 05:32 3233336 ----a-w- c:\windows\system32\nvcuvid.dll
2016-03-08 10:07 . 2016-03-17 05:32 2808768 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-03-08 10:07 . 2016-03-17 05:32 22932928 ----a-w- c:\windows\system32\nvoglv64.dll
2016-03-08 10:07 . 2016-03-17 05:32 21313024 ----a-w- c:\windows\system32\nvopencl.dll
2016-03-08 10:07 . 2016-03-17 05:32 20854680 ----a-w- c:\windows\system32\nvcuda.dll
2016-03-08 10:07 . 2016-03-17 05:32 1924152 ----a-w- c:\windows\system32\nvdispco6436451.dll
2016-03-08 10:07 . 2016-03-17 05:32 18879544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-03-08 10:07 . 2016-03-17 05:32 17725040 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-03-08 10:07 . 2016-03-17 05:32 17318184 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-03-08 10:07 . 2016-03-17 05:32 1571776 ----a-w- c:\windows\system32\nvdispgenco6436451.dll
2016-03-08 10:07 . 2016-03-17 05:32 12564024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-03-08 10:07 . 2016-03-17 05:32 10546944 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2016-03-08 10:07 . 2015-07-31 19:07 3283896 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-03-08 10:07 . 2015-07-31 19:07 14128496 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-03-08 10:07 . 2014-02-19 03:55 1572496 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-03-08 10:07 . 2014-02-19 03:55 17246680 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-03-08 10:07 . 2012-11-24 05:18 213952 ----a-w- c:\windows\system32\OpenCL.dll
2016-03-08 10:07 . 2012-11-24 05:18 201664 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-03-08 10:07 . 2012-05-22 17:51 18990976 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-03-08 10:07 . 2012-05-22 17:51 3711024 ----a-w- c:\windows\system32\nvapi64.dll
2016-03-08 06:27 . 2012-11-24 05:18 2994232 ----a-w- c:\windows\system32\nvsvc64.dll
2016-03-08 06:27 . 2012-11-24 05:18 6369728 ----a-w- c:\windows\system32\nvcpl.dll
2016-03-08 06:27 . 2012-11-24 05:18 2561472 ----a-w- c:\windows\system32\nvsvcr.dll
2016-03-08 06:27 . 2012-11-24 05:18 1264064 ----a-w- c:\windows\system32\nvvsvc.exe
2016-03-08 06:27 . 2016-03-17 05:34 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-03-08 06:27 . 2016-03-17 05:34 532536 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-03-08 06:27 . 2012-11-24 05:18 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-03-08 06:27 . 2012-11-24 05:18 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-03-08 06:15 . 2016-03-17 05:34 110016 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-03-07 04:23 . 2014-06-24 23:29 6203411 ----a-w- c:\windows\system32\nvcoproc.bin
2016-02-27 10:10 . 2016-03-01 10:33 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-02-14 01:47 . 2016-03-17 05:34 125720 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-02-14 01:47 . 2016-02-14 01:47 125720 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 . 2016-03-17 05:34 126232 ----a-w- c:\windows\system32\vulkan-1.dll
2016-02-14 01:46 . 2016-02-14 01:46 126232 ----a-w- c:\windows\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 . 2016-03-17 05:34 42264 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-02-14 01:45 . 2016-02-14 01:45 42264 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 . 2016-03-17 05:34 45848 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-02-14 01:45 . 2016-02-14 01:45 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-3-0.exe
2016-02-12 18:52 . 2016-03-09 11:44 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 11:44 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 11:44 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 11:44 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 11:44 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 11:44 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 11:44 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 11:44 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 11:44 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 11:44 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 11:44 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 11:44 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 11:44 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 11:44 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 11:44 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 11:44 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 11:43 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 11:43 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 11:43 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 11:43 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 11:43 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 11:43 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 11:43 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 11:43 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 11:43 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 11:43 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 11:43 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 11:43 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 11:43 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 11:43 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 11:43 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 11:43 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 11:43 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 11:43 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 11:43 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 11:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 04:13 . 2016-02-05 04:13 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2016-03-31 3077712]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2016-01-28 3058304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"SDTray"="d:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 00:13 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:02]
.
2016-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 13:50]
.
2016-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 13:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-03-30 2396096]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-03-30 1767248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-21  06:53:02
ComboFix-quarantined-files.txt  2016-04-21 10:53
ComboFix2.txt  2016-04-01 06:16

Edited by Orange Blossom, 22 April 2016 - 09:38 PM.
Moved to log forum. ~ OB
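The triage a responder would do on the log above, as an added example in Python that is not part of the original post or of ComboFix: it parses the `AV:`/`SP:` status lines, the DWORD values ComboFix lists under the `policies\system` key (the UAC prompt settings), and any SIDs in the text, and decodes the trailing RID so the `S-1-5-21-…-500` key the poster saw under HKEY_USERS can be read for what it is: the profile hive of the built-in Administrator account (RID 500 is fixed; renaming the account does not change it). The log excerpt embedded in the script is copied from this thread, not a complete log; the function names, the UAC default table and the finding wording are the example's own assumptions.

```python
"""Triage helpers for ComboFix-style log lines (added example, not ComboFix code)."""
import re
from typing import Dict, List, Optional, Tuple

# Excerpt copied from this thread (ComboFix log + the SID the poster quoted).
# It is a constructed sample for the functions below, not a full log.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
HKEY_USERS\S-1-5-21-726371531-3410083644-3767233514-500
"""

AV_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)/"
    r"(?P<defs>Updated|Outdated)\* \{(?P<guid>[0-9A-Fa-f-]+)\}\s*$")
POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
VALUE_LINE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)')
SID_RE = re.compile(r"S-1-5-(?:\d+-)*\d+")

# Windows 7 defaults for the UAC values ComboFix prints (assumed table for this example).
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5,   # prompt for consent, non-Windows binaries
                "ConsentPromptBehaviorUser": 3,    # prompt for credentials
                "PromptOnSecureDesktop": 1}        # prompts on the secure desktop
WELL_KNOWN = {"S-1-5-18": "LocalSystem",
              "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
              "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE"}


def parse_av_status(log: str) -> List[Dict[str, str]]:
    """One dict (kind, name, state, defs, guid) per AV/SP/FW status line."""
    return [m.groupdict() for m in (AV_LINE.match(l.strip()) for l in log.splitlines()) if m]


def parse_uac_policy(log: str) -> Dict[str, int]:
    """Collect the DWORD values listed under the policies\\system key."""
    values: Dict[str, int] = {}
    in_section = False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("["):                 # a new [key] header starts/ends the section
            in_section = s.lower() == POLICY_KEY
            continue
        if not in_section:
            continue
        m = VALUE_LINE.match(s)
        if m:
            values[m.group("name")] = int(m.group("val"))
        elif not s or s == ".":               # ComboFix separates sections with "." lines
            in_section = False
    return values


def uac_findings(values: Dict[str, int]) -> List[str]:
    """Flag UAC settings that weaken elevation prompts; most specific finding first."""
    findings: List[str] = []
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if values.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not shown on the "
                        "secure desktop, so a program running as the user can overlay or drive them")
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is switched off entirely")
    for name, default in UAC_DEFAULTS.items():
        if name in values and values[name] != default:
            findings.append(f"{name}={values[name]} differs from the default {default}")
    return findings


def classify_sid(sid: str) -> Tuple[Optional[int], str]:
    """Return (RID, description) for a SID seen in a log."""
    if sid in WELL_KNOWN:
        return None, WELL_KNOWN[sid]
    m = re.fullmatch(r"S-1-5-21-\d+-\d+-\d+-(\d+)", sid)
    if not m:
        return None, "not a local/domain account SID"
    rid = int(m.group(1))
    if rid == 500:
        return rid, "built-in Administrator (renaming does not change the RID)"
    if rid == 501:
        return rid, "built-in Guest"
    if rid >= 1000:
        return rid, "account or group created after installation"
    return rid, "other well-known RID"


def find_sids(log: str) -> List[str]:
    """Every distinct SID mentioned anywhere in the log, sorted."""
    return sorted(set(SID_RE.findall(log)))


if __name__ == "__main__":
    for e in parse_av_status(SAMPLE_LOG):
        print(f"{e['kind']} {e['name']}: {e['state']}/{e['defs']}")
    for f in uac_findings(parse_uac_policy(SAMPLE_LOG)):
        print("UAC:", f)
    for sid in find_sids(SAMPLE_LOG):
        print(sid, "->", classify_sid(sid))
```

Two things the script surfaces that the poster's question does not: every real-time protection product in the log reports `Disabled` (ComboFix disables them itself while it runs, so re-check after the scan), and `PromptOnSecureDesktop=0` with the other UAC values at their defaults means elevation consent dialogs appear on the ordinary desktop. A SID-named key under HKEY_USERS is simply that account's profile hive while it is loaded; the log shows a `c:\users\Administrator` profile exists on disk, but nothing in it says what loads and unloads that hive.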




#2 nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:10 PM

Posted 23 April 2016 - 08:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 Corey1690
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:10 PM

Posted 23 April 2016 - 05:24 PM

Hey Nasdaq, thanks for your time. I'm running Mbam now, although I have an expired trial with them, I think they'll still let me run a scan. I'll do all of this and post shortly.



#4 Corey1690
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:10 PM

Posted 23 April 2016 - 08:41 PM

Okay, I think I've got this all done! I read around that I should turn off my internet, and so I did that. ADW found a few things when I did so...

Problem: I'm being told that I'm not permitted to upload this type of file, when I try to upload the Mbam results? Tried the basic uploader, same thing.

As for Farbar, it gave me three separate txts, I've attached those. Also, can't seem to find ADW logs? I open the program after the reboot, and the logs button is greyed out.

Edit: never mind, found the ADW file; still can't upload the Malwarebytes one, I think it's because it appears to be an internet link?

I'm a bit concerned about something with ADW. The very first time I scanned, it picked up 3 registry things, but I aborted before cleaning to do a full scan without an internet connection. When I did so, only 2 came up this time, and the file missing was in regards to a 'systweak' at the end of the string. I looked up systweak and found its reputation quite questionable. Further search in my registry pulled up a RegistryCleaner by them, which I can only assume my father downloaded before giving me this PC, or downloaded itself. I backed up the registry and removed all traces of it, but I still can't seem to find the entry that mysteriously disappeared. Perhaps this was due to me deleting the other files pertaining to the Systweak RegCleaner?

Attached Files


Edited by Corey1690, 23 April 2016 - 08:51 PM.


#5 Corey1690
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:10 PM

Posted 23 April 2016 - 08:54 PM

Okay, so the MBAM file saved itself as an XML file. I opened the file and saved a copy of it as a txt file, sorry for all the mix-up there, here you go:

Attached Files



#6 nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:10 PM

Posted 24 April 2016 - 07:57 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-726371531-3410083644-3767233514-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp64.sys [X]
S3 pbfilter; \??\D:\Program Files (x86)\PeerBlock\pbfilter.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Shortcut: C:\Users\Administrator\Desktop\Diablo II - Lord of Destruction.lnk -> D:\Program Files (x86)\Diablo II\Diablo II.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\RF-MAB2.lnk -> C:\Program Files (x86)\Bluetooth Suite\Win7UI.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel\Launch Stainless Steel.lnk -> D:\Steam\steamapps\common\Medieval II Total War\mods\SS6.3\launcher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net Account Management.lnk -> D:\Diablo III\BattlenetAccount.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Technical Support.lnk -> D:\Diablo III\TechSupport.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Manual.lnk -> D:\Diablo III\Manual.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7F47AC57-0EF3-43B8-8E57-51F2862933AB}\PlayTasks\3\Detection.exe.lnk -> D:\Program Files (x86)\Rainbow Six Vegas 2\Binaries\Detection.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7F47AC57-0EF3-43B8-8E57-51F2862933AB}\PlayTasks\2\Game Manual.lnk -> D:\Program Files (x86)\Rainbow Six Vegas 2\Support\Manual\R6Vegas2.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7F47AC57-0EF3-43B8-8E57-51F2862933AB}\PlayTasks\1\ReadMe.txt.lnk -> D:\Program Files (x86)\Rainbow Six Vegas 2\Support\ReadMe\ReadMe.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7F47AC57-0EF3-43B8-8E57-51F2862933AB}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (No File)
Shortcut: C:\ProgramData\Atheros\Device link\74-2f-68-83-cb-41\RF-MAB2.lnk -> C:\Program Files (x86)\Bluetooth Suite\Win7UI.exe (No File)
Shortcut: C:\ProgramData\ASUS\AsusApManager\Rotation Desktop Setting.lnk -> C:\Program Files\Asus\Rotation Desktop for G Series\Rotation Desktop.exe (No File)
Shortcut: C:\Users\Allan\Desktop\Applications and Utilities\Fraps.lnk -> D:\Program Files (x86)\Fraps\fraps.exe (No File)
Shortcut: C:\Users\Allan\Desktop\Applications and Utilities\Intel(R) Driver Update Utility 2.4.lnk -> C:\Program Files (x86)\Intel Driver Update Utility\DriverUpdateUI.exe (No File)
Shortcut: C:\Users\Allan\Desktop\Applications and Utilities\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (No File)
Shortcut: C:\Users\Allan\Desktop\Applications and Utilities\Skype.lnk -> C:\Windows\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe (No File)
Shortcut: C:\Users\Allan\AppData\Local\Microsoft\Windows\GameExplorer\{B6CFA18E-ADF5-47BC-B00B-1CC7F2DDC269}\PlayTasks\2\Readme.lnk -> D:\Program Files (x86)\Fallout 2\readme.txt (No File)
Shortcut: C:\Users\Allan\AppData\Local\Microsoft\Windows\GameExplorer\{B6CFA18E-ADF5-47BC-B00B-1CC7F2DDC269}\PlayTasks\1\Manual.lnk -> D:\Program Files (x86)\Fallout 2\MANUAL.PDF (No File)
Shortcut: C:\Users\Allan\AppData\Local\Microsoft\Windows\GameExplorer\{B6CFA18E-ADF5-47BC-B00B-1CC7F2DDC269}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Fallout 2\fallout2.exe (No File)

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know of any remaining issues with this computer.
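Corey1690 later asks what the fix actually cleaned. A fixlist like the one above is plain text with one FRST entry per line, so it can be parsed and tallied before Fix is clicked. The parser below is an added example, not part of the original post or of FRST itself; the entry patterns are assumptions inferred from the lines in the post, and the sample fixlist is a constructed excerpt of it.

```python
import re

# Constructed excerpt in the shape of the FRST fixlist posted above (sample data,
# not the full list); FRST only acts on the lines between "start" and "End".
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Shortcut: C:\Users\Allan\Desktop\Applications and Utilities\Fraps.lnk -> D:\Program Files (x86)\Fraps\fraps.exe (No File)
C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
"""

# One pattern per entry type in the fixlist (assumed from the post's lines); group 1
# is the item FRST removes, group 2 (where present) is the target it pointed at.
PATTERNS = [
    ("directive",  re.compile(r"^([A-Za-z]+):$")),
    ("policy",     re.compile(r"^(HK\S.*?): (Restriction) <=+ ATTENTION$")),
    ("handler",    re.compile(r"^Handler: (\S+) - (\{[0-9A-Fa-f-]+\}) -\s+No File$")),
    ("ff_plugin",  re.compile(r"^FF Plugin(?:-x32)?: (\S+) -> (.+?) \[No File\]$")),
    ("chr_plugin", re.compile(r"^CHR Plugin: \((.+?)\) - (.+?) => No File$")),
    ("service",    re.compile(r"^[SR]\d (\S+); (.+?) \[X\]$")),
    ("shortcut",   re.compile(r"^Shortcut: (.+?\.lnk) -> (.+?) \(No File\)$")),
    ("path",       re.compile(r"^([A-Za-z]:\\.+)$")),
]


def parse_fixlist(text):
    """Return {category: [(item, target)]} for the lines between start and End;
    lines no pattern knows land in 'unrecognised' for review before clicking Fix."""
    entries, inside = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "start":
            inside = True
        elif line == "End":
            break
        elif inside and line:
            for category, pattern in PATTERNS:
                m = pattern.match(line)
                if m:
                    item, target = (m.groups() + (None,))[:2]
                    entries.setdefault(category, []).append((item, target))
                    break
            else:
                entries.setdefault("unrecognised", []).append((line, None))
    return entries
```

Every entry in the sample resolves to a known category; anything that lands in "unrecognised" is worth reading by hand before the fix is run.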

#7 Corey1690

Corey1690
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:10 PM

Posted 24 April 2016 - 03:23 PM

Here ya go. That seemed to go pretty quickly. What did this clean exactly? Should I keep an eye out for anything it might have removed, or were those all things from the bad guys it removed?

My internet feels faster, but a part of me feels like it's the placebo effect at this point. haha

Attached Files


Edited by Corey1690, 24 April 2016 - 03:24 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:10 PM

Posted 25 April 2016 - 07:30 AM

That was just a cleanup of unwanted keys.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 Corey1690

Corey1690
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:10 PM

Posted 25 April 2016 - 05:29 PM

Everything does seem to be running a bit better, thank you!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:10 PM

Posted 26 April 2016 - 09:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



