Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to make a new log with FRST


  • This topic is locked This topic is locked
10 replies to this topic

#1 CubeZapper

CubeZapper

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 24 September 2016 - 12:18 AM

I made a thread about a month ago: http://www.bleepingcomputer.com/forums/t/624758/possible-key-logger-mousedesktop-refreshes-alot/

 

But I was very busy with school work, so I did it all on a separate laptop and never got the time to fix my other computer, but now Id like to do it cause Im free.

 

I wanted to generate a new Farbar Recovery Scan Tool (FRST) log because the previous one is very outdated following this guide: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

I had already done this in the past so there was already Adittion.txt and FRST.txt in the DOWNLOADS folder. When I tried re-scanning using FRST it did nothing but pop up a FRST.txt. Do I have to delete FRST and Addition.txt/FRST.txt to generate new logs?

 

I'm deeply sorry if this bothers you, but help is greatly appreciated. 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 AM

Posted 25 September 2016 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Delete the current Farbar .exe file, the FRST and Addition.txt files.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post both logs for my review.

Wait for further instructions.

Edited by nasdaq, 25 September 2016 - 09:32 AM.


#3 CubeZapper

CubeZapper
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 26 September 2016 - 05:16 AM

Thanks alot Ill go ahead an do it.



#4 CubeZapper

CubeZapper
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 02 October 2016 - 04:15 AM

Here is my current FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by Daniel (administrator) on 601112266882 (02-10-2016 17:03:52)
Running from C:\Users\Daniel\Desktop\Fix pix
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzFpsApplet\RzFpsApplet.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349224 2015-11-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-18] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Gaming Mouse Driver] => C:\Program Files (x86)\Gaming Mouse\Monitor.EXE [491520 2015-01-22] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-07-31] (AVAST Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-05-30] (Razer Inc.)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-14] (Spotify Ltd)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Discord] => C:\Users\Daniel\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\RunOnce: [Uninstall C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{46774ff0-7501-428a-a704-a1cf9c802daa}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{bfe14919-e2e4-478a-9588-a13ab6986b02}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-05-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-26] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1622788738-3801000913-2380669748-1001: @nsroblox.roblox.com/launcher -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1622788738-3801000913-2380669748-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2016-10-02]
CHR Extension: (Google Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-30]
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-30]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Awaken the Force Within) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeojddkbfhdgnnicgkgogjnbkdljibb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Avast SafePrice) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-23]
CHR Extension: (Google Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-10-02]
CHR Extension: (Skype) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
CHR HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-07-31] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-11-30] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2015-12-03] (EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144616 2015-11-30] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-26] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-18] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [361376 2015-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-09-04] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-06-01] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-17] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-05-30] (Razer Inc.)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [39424 2016-02-10] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-27] (Wacom Technology, Corp.)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-11-30] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-04] (Broadcom Corporation)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31464 2015-07-17] (ELAN Microelectronic Corp.)
R3 GMLXDFltr01; C:\Windows\system32\drivers\GMLXDFltr01.sys [10752 2014-07-24] (LXD Development, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-25] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-18] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-06-02] (Razer, Inc.)
R3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-02 17:02 - 2016-10-02 17:03 - 00000000 ____D C:\Users\Daniel\Desktop\Fix pix
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-02 17:06 - 2015-09-04 07:28 - 00000420 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
2016-10-02 17:03 - 2016-08-25 15:06 - 00000000 ____D C:\FRST
2016-10-02 17:03 - 2015-12-02 21:18 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08EEB44A-8934-453A-8724-98ADB8BBCC84}
2016-10-02 17:03 - 2015-09-04 07:28 - 00000420 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
2016-10-02 16:55 - 2016-03-24 17:16 - 00004014 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458810965
2016-10-02 16:55 - 2016-03-24 17:16 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-10-02 16:53 - 2016-01-05 16:58 - 00000000 ____D C:\Users\Daniel\Documents\YouCam
2016-10-02 16:49 - 2015-12-14 10:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2016-10-02 16:48 - 2015-12-12 16:53 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-02 16:42 - 2015-11-30 18:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-02 16:41 - 2016-01-30 18:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-02 16:41 - 2015-11-30 07:16 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-02 16:41 - 2015-11-29 22:29 - 00000000 __SHD C:\Users\Daniel\IntelGraphicsProfiles
2016-09-26 23:19 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
2016-09-26 19:08 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-26 18:42 - 2016-01-31 10:46 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-26 18:34 - 2016-07-16 23:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-26 18:15 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-24 13:44 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-24 13:43 - 2015-11-30 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-24 13:27 - 2015-11-30 21:25 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-24 13:21 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-24 13:20 - 2015-11-29 22:29 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2016-09-24 13:05 - 2015-12-14 10:48 - 00000000 ____D C:\ProgramData\Skype
2016-09-23 12:25 - 2016-02-22 21:06 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-23 12:25 - 2016-02-22 21:06 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-23 12:07 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-23 12:05 - 2015-12-09 17:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-08 14:57 - 2016-08-09 14:57 - 00003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDaniel
2016-09-08 14:57 - 2016-04-16 10:08 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDaniel.job
2016-09-07 09:00 - 2015-10-30 15:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 09:00 - 2015-10-30 15:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-05-22 14:28 - 2016-05-22 14:28 - 0000055 ____N () C:\Users\Daniel\AppData\Roaming\MouseServer.ini
2015-12-28 21:38 - 2015-12-28 21:39 - 0000826 _____ () C:\ProgramData\1451309926.2188.bin
2015-12-28 21:38 - 2015-12-28 21:39 - 0002059 _____ () C:\ProgramData\1451309926.7436.bin
2015-12-28 21:38 - 2015-12-28 21:39 - 0042965 _____ () C:\ProgramData\1451309926.7440.bin
2015-12-01 14:52 - 2015-10-02 14:52 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\bdfilters.dll
C:\Users\Daniel\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Daniel\AppData\Local\Temp\pin2taskbar.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-23 12:45
 
==================== End of FRST.txt ============================

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 AM

Posted 02 October 2016 - 09:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program via the Control Panel > Programs > Programs and Features.
Popcorn-Time (HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
---

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Avast SafePrice) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-23]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
FirewallRules: [{DB5A5609-88BA-4C8D-9CD7-EA759626D909}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E5E0C279-1BCB-46C1-9EE5-D90BFFD43ACB}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Shockwave is out-or-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
===

Please post the Fixlog.txt file and let me know what problem persists with this computer.

Edited by nasdaq, 02 October 2016 - 09:50 AM.


#6 CubeZapper

CubeZapper
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 03 October 2016 - 01:53 AM

Just curious what does fixlist.txt do and how does it modifiy my computer?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 AM

Posted 03 October 2016 - 08:47 AM

It will disable some of your Chrome Extension.

Clean the left over of Popcorn once you have removed it.

#8 CubeZapper

CubeZapper
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 04 October 2016 - 03:46 AM

I did everything except the shockwave, which I will do later. While I was restarting my computer, when it was closing, some windows updates started up and finished. The computer turned on again and the windows update started another time and finished. I hope this doesnt affect it at all. Also the Fixlog.txt is attached below. Thanks for the help so far greatly appreciate it.

Attached Files



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 AM

Posted 04 October 2016 - 08:13 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#10 CubeZapper

CubeZapper
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 04 October 2016 - 12:47 PM

Thanks alot! If there was a way I could help in return I will try my best.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 AM

Posted 05 October 2016 - 08:46 AM

Thanks, my services are free.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users