
Suspected Infection


4 replies to this topic

#1 AlphaDanny

AlphaDanny

  • Members
  • 4 posts

Posted 27 August 2016 - 10:36 AM

Hi, I've read this post and have done the scan on my computer: Suspected infection <--- read
 

 

Hi, I've done the same thing that you have directed the poster of this post to post. Here are my results, can you tell me what to do? 

 

FRST.txt

 

Addition.txt





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,563 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:31 AM

Posted 29 August 2016 - 09:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program via the Control Panel > Programs > Programs and Features.
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\windowsactivate\windowsactivate.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Winlogon: [Shell] C:\Program Files (x86)\windowsactivate\windowsactivate.exe <==== ATTENTION
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePMGJCiIfeWIIffc.cmd.lnk [2016-08-27]
ShortcutTarget: ePMGJCiIfeWIIffc.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\RfFceaKHcDZaFLIZiVLLY.cmd (AutoIt Team)
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk [2016-07-28]
ShortcutTarget: KUUKBCbHRXBRUDPC.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\NZcXJSRSTMeFVKcELMXNW.exe (No File)
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUUdULXDRYGTUaXZ.cmd.lnk [2016-07-28]
ShortcutTarget: SUUdULXDRYGTUaXZ.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\ShMAfcZGWagYIbHMPPeWZ.exe (No File)
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XJfMWDhiZXFKHECK.cmd.lnk [2016-07-17]
ShortcutTarget: XJfMWDhiZXFKHECK.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\EPVVQMDaCMcfhYAQGTEIK.txt (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll => No File
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll => No File
FF HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi => not found
S2 WeatherChiknSrvr; C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe [X]
S3 CM_VENDER_CMD; \??\C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [X]
Task: {05949630-EE2E-4E9F-BB1F-A89BC72B15C1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-29] ()
Task: {11CE7E58-E0FD-44D7-A699-5F3699BA2C7C} - System32\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-29] ()
Task: {14637FB5-777F-4744-A4EC-1FE58F635E29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1E67996C-DF6B-44E7-934B-84EAF5ABA884} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2D72D345-50E9-474F-8849-0BBFDBD251D3} - System32\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {335C745F-40F2-4C16-B611-0E40492386BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6B466DE8-54F6-4232-A44A-CC731D383FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F0B4E84-37B8-4EB4-9674-21E527D9770D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {71A7E7DF-6341-4E07-9EB2-0EED1C889102} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {76105D99-59CE-48A3-8B0B-8F297F6E7720} - System32\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {7BA7DCDE-1B65-4117-9392-2031712DCC18} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {800E14F9-34DF-4F8D-B3E9-ED43B248B3E3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9EC18431-278D-41A6-9814-46E485379D41} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BDF28546-B4E5-44BE-B4FE-D50534453E0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA808170-E7A9-4B8A-A261-A63129E9E74F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DDABEB25-4F56-4443-811A-D434BF369AC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5D0EF01-435D-4504-A0CA-947A0BC38CFD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\AdeJ5eQLk3f:Q4oEra6uG3sTyAbCQknn [2226]
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\Temp:JM7h1JyYY148D3liJKAdX9sM00u4 [1830]
C:\Program Files (x86)\windowsactivate
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePMGJCiIfeWIIffc.cmd.lnk
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUUdULXDRYGTUaXZ.cmd.lnk
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XJfMWDhiZXFKHECK.cmd.lnk
C:\Program Files (x86)\Skillbrains
C:\Program Files (x86)\Consumer Input

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please post the Fixlog.txt and let me know what problem persists.
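
As an added example (not part of the thread and not FRST's own code), a short Python script for triaging a Fixlog.txt like the one requested above: it skips the echoed fixlist, parses each `target => outcome` result line, and lists the entries that did not end in "successfully". The line shapes are assumed from the Fixlog posted later in this topic, from which the sample lines are copied; all function names are hypothetical.

```python
import re
from collections import Counter

# Sample input assembled from lines of the Fixlog.txt posted in this topic
# (trimmed to one or two entries per kind of target).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk => moved successfully
C:\Users\Josh_x\AppData\Roaming\RfFceaKHcDZaFLIZiVLLY.cmd => moved successfully
C:\Users\Josh_x\AppData\Roaming\NZcXJSRSTMeFVKcELMXNW.exe => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
WeatherChiknSrvr => service removed successfully
C:\WINDOWS\System32\Tasks\update-sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => key removed successfully
'''

REG_ROOTS = ("HKLM\\", "HKU\\", "HKCR\\")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def classify_target(target, outcome):
    """Label a result line by the persistence location it touched."""
    upper = target.upper()
    if upper.startswith(REG_ROOTS):
        if "\\SCHEDULE\\TASKCACHE\\" in upper:
            return "scheduled task (registry)"
        if upper.endswith("\\WINLOGON\\\\SHELL"):
            return "winlogon shell"
        return "registry"
    if DRIVE_RE.match(target):
        if "\\START MENU\\PROGRAMS\\STARTUP\\" in upper:
            return "startup shortcut"
        if "\\SYSTEM32\\TASKS\\" in upper:
            return "scheduled task (file)"
        return "file"
    # Bare names in this log are services; anything else is left unlabeled.
    return "service" if outcome.startswith("service") else "other"


def parse_fixlog(text):
    """Return one dict per result line, ignoring the echoed fixlist block."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two rows of asterisks; its own
        # "=>" lines are instructions, not results, so skip that block.
        if len(line) >= 5 and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue  # status lines such as "Processes closed successfully."
        target, outcome = line.rsplit(" => ", 1)
        target = target.strip('"')
        outcome = outcome.rstrip(".")
        results.append({
            "target": target,
            "outcome": outcome,
            "kind": classify_target(target, outcome),
            "ok": outcome.endswith("successfully"),
        })
    return results


def needs_follow_up(results):
    """Entries whose outcome was not a success, e.g. 'not found'.

    'not found' can be benign when the fixlist already marked the target
    '(No File)', but each one should be checked against the fixlist.
    """
    return [r for r in results if not r["ok"]]


def summarize(results):
    """Count results per (kind, outcome) pair."""
    return Counter((r["kind"], r["outcome"]) for r in results)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, outcome), n in sorted(summarize(parsed).items()):
        print(f"{n:3d}  {kind:26s} {outcome}")
    for r in needs_follow_up(parsed):
        print("CHECK:", r["target"], "->", r["outcome"])
```
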

#3 AlphaDanny

AlphaDanny
  • Topic Starter

  • Members
  • 4 posts

Posted 29 August 2016 - 05:51 PM


I don't see the Consumer Input Update Helper on the programs list...



#4 AlphaDanny

AlphaDanny
  • Topic Starter

  • Members
  • 4 posts

Posted 29 August 2016 - 05:58 PM

 


I don't see the Consumer Input Update Helper on the programs list...

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016

Ran by Josh_x (30-08-2016 08:51:42) Run:1
Running from C:\Users\Josh_x\Desktop
Loaded Profiles: Josh_x (Available Profiles: Josh_x)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\windowsactivate\windowsactivate.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Winlogon: [Shell] C:\Program Files (x86)\windowsactivate\windowsactivate.exe <==== ATTENTION
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePMGJCiIfeWIIffc.cmd.lnk [2016-08-27]
ShortcutTarget: ePMGJCiIfeWIIffc.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\RfFceaKHcDZaFLIZiVLLY.cmd (AutoIt Team)
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk [2016-07-28]
ShortcutTarget: KUUKBCbHRXBRUDPC.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\NZcXJSRSTMeFVKcELMXNW.exe (No File)
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUUdULXDRYGTUaXZ.cmd.lnk [2016-07-28]
ShortcutTarget: SUUdULXDRYGTUaXZ.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\ShMAfcZGWagYIbHMPPeWZ.exe (No File)
Startup: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XJfMWDhiZXFKHECK.cmd.lnk [2016-07-17]
ShortcutTarget: XJfMWDhiZXFKHECK.cmd.lnk -> C:\Users\Josh_x\AppData\Roaming\EPVVQMDaCMcfhYAQGTEIK.txt (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll => No File
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll => No File
FF HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi => not found
S2 WeatherChiknSrvr; C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe [X]
S3 CM_VENDER_CMD; \??\C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [X]
Task: {05949630-EE2E-4E9F-BB1F-A89BC72B15C1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-29] ()
Task: {11CE7E58-E0FD-44D7-A699-5F3699BA2C7C} - System32\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-29] ()
Task: {14637FB5-777F-4744-A4EC-1FE58F635E29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1E67996C-DF6B-44E7-934B-84EAF5ABA884} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2D72D345-50E9-474F-8849-0BBFDBD251D3} - System32\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {335C745F-40F2-4C16-B611-0E40492386BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6B466DE8-54F6-4232-A44A-CC731D383FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F0B4E84-37B8-4EB4-9674-21E527D9770D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {71A7E7DF-6341-4E07-9EB2-0EED1C889102} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {76105D99-59CE-48A3-8B0B-8F297F6E7720} - System32\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {7BA7DCDE-1B65-4117-9392-2031712DCC18} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {800E14F9-34DF-4F8D-B3E9-ED43B248B3E3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9EC18431-278D-41A6-9814-46E485379D41} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BDF28546-B4E5-44BE-B4FE-D50534453E0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA808170-E7A9-4B8A-A261-A63129E9E74F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DDABEB25-4F56-4443-811A-D434BF369AC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5D0EF01-435D-4504-A0CA-947A0BC38CFD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\AdeJ5eQLk3f:Q4oEra6uG3sTyAbCQknn [2226]
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\Temp:JM7h1JyYY148D3liJKAdX9sM00u4 [1830]
C:\Program Files (x86)\windowsactivate
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePMGJCiIfeWIIffc.cmd.lnk
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUUdULXDRYGTUaXZ.cmd.lnk
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XJfMWDhiZXFKHECK.cmd.lnk
C:\Program Files (x86)\Skillbrains
C:\Program Files (x86)\Consumer Input
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePMGJCiIfeWIIffc.cmd.lnk => moved successfully
C:\Users\Josh_x\AppData\Roaming\RfFceaKHcDZaFLIZiVLLY.cmd => moved successfully
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk => moved successfully
C:\Users\Josh_x\AppData\Roaming\NZcXJSRSTMeFVKcELMXNW.exe => not found.
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUUdULXDRYGTUaXZ.cmd.lnk => moved successfully
C:\Users\Josh_x\AppData\Roaming\ShMAfcZGWagYIbHMPPeWZ.exe => not found.
C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XJfMWDhiZXFKHECK.cmd.lnk => moved successfully
C:\Users\Josh_x\AppData\Roaming\EPVVQMDaCMcfhYAQGTEIK.txt => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2876923373-2406336335-375998269-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value removed successfully
WeatherChiknSrvr => service removed successfully
CM_VENDER_CMD => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05949630-EE2E-4E9F-BB1F-A89BC72B15C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05949630-EE2E-4E9F-BB1F-A89BC72B15C1}" => key removed successfully
C:\WINDOWS\System32\Tasks\update-sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11CE7E58-E0FD-44D7-A699-5F3699BA2C7C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11CE7E58-E0FD-44D7-A699-5F3699BA2C7C}" => key removed successfully
C:\WINDOWS\System32\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-2876923373-2406336335-375998269-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14637FB5-777F-4744-A4EC-1FE58F635E29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14637FB5-777F-4744-A4EC-1FE58F635E29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E67996C-DF6B-44E7-934B-84EAF5ABA884}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E67996C-DF6B-44E7-934B-84EAF5ABA884}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D72D345-50E9-474F-8849-0BBFDBD251D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D72D345-50E9-474F-8849-0BBFDBD251D3}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{335C745F-40F2-4C16-B611-0E40492386BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335C745F-40F2-4C16-B611-0E40492386BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B466DE8-54F6-4232-A44A-CC731D383FA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B466DE8-54F6-4232-A44A-CC731D383FA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F0B4E84-37B8-4EB4-9674-21E527D9770D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F0B4E84-37B8-4EB4-9674-21E527D9770D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71A7E7DF-6341-4E07-9EB2-0EED1C889102}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A7E7DF-6341-4E07-9EB2-0EED1C889102}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76105D99-59CE-48A3-8B0B-8F297F6E7720}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76105D99-59CE-48A3-8B0B-8F297F6E7720}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA7DCDE-1B65-4117-9392-2031712DCC18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA7DCDE-1B65-4117-9392-2031712DCC18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{800E14F9-34DF-4F8D-B3E9-ED43B248B3E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{800E14F9-34DF-4F8D-B3E9-ED43B248B3E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EC18431-278D-41A6-9814-46E485379D41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EC18431-278D-41A6-9814-46E485379D41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDF28546-B4E5-44BE-B4FE-D50534453E0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF28546-B4E5-44BE-B4FE-D50534453E0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA808170-E7A9-4B8A-A261-A63129E9E74F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA808170-E7A9-4B8A-A261-A63129E9E74F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDABEB25-4F56-4443-811A-D434BF369AC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDABEB25-4F56-4443-811A-D434BF369AC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5D0EF01-435D-4504-A0CA-947A0BC38CFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5D0EF01-435D-4504-A0CA-947A0BC38CFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001.job => moved successfully
C:\WINDOWS\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001.job => moved successfully
C:\WINDOWS\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001.job => moved successfully
C:\WINDOWS\Tasks\update-sys.job => moved successfully
C:\Users\Josh_x\AppData\Local\AdeJ5eQLk3f => ":Q4oEra6uG3sTyAbCQknn" ADS removed successfully.
C:\Users\Josh_x\AppData\Local\Temp => ":JM7h1JyYY148D3liJKAdX9sM00u4" ADS removed successfully.
C:\Program Files (x86)\windowsactivate => moved successfully
"C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePMGJCiIfeWIIffc.cmd.lnk" => not found.
"C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KUUKBCbHRXBRUDPC.cmd.lnk" => not found.
"C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUUdULXDRYGTUaXZ.cmd.lnk" => not found.
"C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XJfMWDhiZXFKHECK.cmd.lnk" => not found.
C:\Program Files (x86)\Skillbrains => moved successfully
"C:\Program Files (x86)\Consumer Input" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 294511 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 100667939 B
Java, Flash, Steam htmlcache => 248744998 B
Windows/system/drivers => 80776227 B
Edge => 6485864 B
Chrome => 132999127 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10910 B
NetworkService => 203174 B
Josh_x => 3300335751 B
 
RecycleBin => 2859936713 B
EmptyTemp: => 6.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:54:52 ====


#5 nasdaq

Posted 30 August 2016 - 08:28 AM

Any remaining issues with this computer?



