Adware and trackers keep returning after deletion
This topic is locked. 21 replies to this topic.
#1 Y_o_p (Members, 9 posts), posted 15 February 2017 - 10:57 PM

When using AdwCleaner and HitmanPro, they both find adware and traces. However, when they delete them, they keep returning later on. I don't get popups in my browser, and I don't even use a popup blocker, nor do I find anything in my extensions tab. It's not a huge threat, but a slight annoyance.

Here's the scan from AdwCleaner.

# AdwCleaner v6.043 - Logfile created 15/02/2017 at 20:32:20
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Jesse - JESSEASUS
# Running from : C:\Users\Jesse\Desktop\Anti-Virus\adwcleaner_6.043.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - default-search.net
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearchdial.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1107 Bytes] - [25/08/2016 15:28:31]
C:\AdwCleaner\AdwCleaner[C2].txt - [1815 Bytes] - [31/01/2017 19:54:53]
C:\AdwCleaner\AdwCleaner[C3].txt - [2012 Bytes] - [03/02/2017 17:02:32]
C:\AdwCleaner\AdwCleaner[C4].txt - [2266 Bytes] - [03/02/2017 19:36:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [1236 Bytes] - [25/08/2016 15:21:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [2482 Bytes] - [03/02/2017 18:08:59]
C:\AdwCleaner\AdwCleaner[S11].txt - [2175 Bytes] - [03/02/2017 19:25:17]
C:\AdwCleaner\AdwCleaner[S12].txt - [2630 Bytes] - [03/02/2017 19:27:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [2375 Bytes] - [03/02/2017 19:36:33]
C:\AdwCleaner\AdwCleaner[S14].txt - [2041 Bytes] - [15/02/2017 20:32:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [1271 Bytes] - [26/08/2016 15:52:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1355 Bytes] - [30/08/2016 20:12:57]
C:\AdwCleaner\AdwCleaner[S3].txt - [1428 Bytes] - [11/09/2016 17:45:11]
C:\AdwCleaner\AdwCleaner[S4].txt - [1501 Bytes] - [16/09/2016 12:37:35]
C:\AdwCleaner\AdwCleaner[S5].txt - [1574 Bytes] - [16/09/2016 19:30:33]
C:\AdwCleaner\AdwCleaner[S6].txt - [1860 Bytes] - [31/01/2017 19:52:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [1793 Bytes] - [31/01/2017 22:00:03]
C:\AdwCleaner\AdwCleaner[S8].txt - [1866 Bytes] - [03/02/2017 16:57:32]
C:\AdwCleaner\AdwCleaner[S9].txt - [2321 Bytes] - [03/02/2017 17:02:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt - [2772 Bytes] ##########
 
And here's FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Jesse (administrator) on JESSEASUS (15-02-2017 21:12:08)
Running from C:\Users\Jesse\Desktop
Loaded Profiles: Jesse (Available Profiles: Jesse)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(cFos Software GmbH) C:\Program Files\ASUS\ROG GameFirst II\spd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LucidLogix) C:\Program Files\Lucidlogix Technologies\VirtuWatt\LucidSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Lighting\CheckCD_RomLighting.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Lighting\ASUS_Manager_Lighting.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS\AEGIS_AlertService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS\AsToastHelper.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS\AEGIS_SysMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS\AsSysLevelUpSrc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Jesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\VsHub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcpackages\vcpkgsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHostx64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\ScriptedSandbox64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ROG GameFirst II] => C:\Program Files\ASUS\ROG GameFirst II\cFosSpeed.exe [2778512 2014-04-25] (cFos Software GmbH)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [VirtuWatt] => C:\Program Files\Lucidlogix Technologies\VirtuWatt\MVPControlPanel20.Exe [1255120 2014-08-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-10-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-10] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\...\Run: [Spotify Web Helper] => C:\Users\Jesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-03] (Spotify Ltd)
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-09-02]
ShortcutTarget: Curse.lnk -> C:\Users\Jesse\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-08-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{145EC7C0-A1A8-485C-8B3F-4AA89E499F09}: [DhcpNameServer] 75.114.81.1 75.114.81.2
 
Internet Explorer:
==================
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-4220691065-1076060140-1043838160-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4220691065-1076060140-1043838160-1001 -> {6A949577-27F6-4678-9A73-A87CD99A1879} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-13] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-13] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5lm214p6.default
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\5lm214p6.default [2017-02-15]
FF Extension: (All Aboard) - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\5lm214p6.default\Extensions\@all-aboard-v1-2 [2016-09-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4220691065-1076060140-1043838160-1001: @nsroblox.roblox.com/launcher -> C:\Users\Jesse\AppData\Local\Roblox\Versions\version-ee338271909542da\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4220691065-1076060140-1043838160-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Jesse\AppData\Local\Roblox\Versions\version-ee338271909542da\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://blu169.mail.live.com/default.aspx?id=64855
CHR StartupUrls: Default -> "hxxps://blu169.mail.live.com/default.aspx?id=64855"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default [2017-02-15]
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Avast Online Security) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-12-08]
CHR Extension: (Avast Passwords) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [emhginjpijfggbofeediiojmdlmlkoik] - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hikeppggmbhdgodhakicedaejpleoigm] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-06-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2017-02-10] ()
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
R2 cFosSpeedS; C:\Program Files\ASUS\ROG GameFirst II\spd.exe [1016208 2014-04-25] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-11-09] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-31] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [159016 2014-06-11] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 LucidSvc; C:\Program Files\Lucidlogix Technologies\VirtuWatt\LucidSvc.exe [22224 2014-08-03] (LucidLogix)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-16] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-06-17] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-20] (AVAST Software)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
R3 IntelReadyModeDriver; C:\Windows\System32\drivers\IntelReadyModeDriver.sys [24776 2014-01-23] (Intel Corporation)
R0 lucidpci; C:\Windows\system32\DRIVERS\lucidpci.sys [31952 2014-08-03] (Lucidlogix Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2016-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3475160 2014-06-17] (Realtek Semiconductor Corporation                           )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-15 21:12 - 2017-02-15 21:12 - 00030082 _____ C:\Users\Jesse\Desktop\FRST.txt
2017-02-15 21:11 - 2017-02-15 21:11 - 00000000 ____D C:\Users\Jesse\Desktop\FRST-OlderVersion
2017-02-14 14:00 - 2017-02-14 14:00 - 00010727 _____ C:\Users\Jesse\Downloads\meeting (8).collab
2017-02-10 08:53 - 2017-02-10 08:53 - 00010729 _____ C:\Users\Jesse\Downloads\meeting (7).collab
2017-02-07 16:59 - 2017-02-07 16:59 - 00000000 ____D C:\Users\Jesse\AppData\Local\Windows Live
2017-02-07 11:51 - 2017-02-07 11:51 - 00010733 _____ C:\Users\Jesse\Downloads\meeting (6).collab
2017-02-03 18:52 - 2017-02-15 21:12 - 00000000 ____D C:\FRST
2017-02-03 18:51 - 2017-02-15 21:11 - 02422272 _____ (Farbar) C:\Users\Jesse\Desktop\FRST64.exe
2017-02-03 18:51 - 2017-02-03 18:51 - 02420736 _____ (Farbar) C:\Users\Jesse\Downloads\FRST64.exe
2017-02-03 18:07 - 2017-02-03 18:07 - 04015056 _____ C:\Users\Jesse\Downloads\adwcleaner_6.043.exe
2017-02-03 16:53 - 2017-02-03 16:53 - 01663040 _____ (Malwarebytes) C:\Users\Jesse\Downloads\JRT.exe
2017-02-02 16:28 - 2017-02-02 16:28 - 00032255 _____ C:\Users\Jesse\Downloads\GomBaseAndDeltaPackage.2.6 (1).zip
2017-02-02 16:27 - 2017-02-02 16:28 - 00017083 _____ C:\Users\Jesse\Downloads\GomMP4.7.zip
2017-02-02 16:27 - 2017-02-02 16:27 - 00012033 _____ C:\Users\Jesse\Downloads\GomVolumeLadder3.4 (1).zip
2017-02-02 16:25 - 2017-02-02 16:25 - 00000113 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-02-02 16:24 - 2017-02-02 16:24 - 00012277 _____ C:\Users\Jesse\Downloads\PPLAvgTrueRangeBands.cs
2017-02-02 16:15 - 2017-02-02 16:15 - 01766286 _____ C:\Users\Jesse\Downloads\Other-PPL-Sound-File-Package.zip
2017-02-02 16:15 - 2017-02-02 16:15 - 00101736 _____ C:\Users\Jesse\Downloads\PPLPowerPriceLevelsPro (1) (1).zip
2017-02-02 16:15 - 2017-02-02 16:15 - 00078541 _____ C:\Users\Jesse\Downloads\PPLPowerPriceLevelsPro.zip
2017-02-02 15:34 - 2017-02-02 15:34 - 00000000 ____D C:\Users\Jesse\AppData\Local\TechSmith
2017-02-02 15:34 - 2017-02-02 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-02-02 15:34 - 2017-02-02 15:34 - 00000000 ____D C:\Program Files (x86)\TechSmith
2017-02-02 15:32 - 2017-02-02 15:32 - 06699032 _____ C:\Users\Jesse\Downloads\jing.exe
2017-02-01 19:20 - 2017-02-01 19:20 - 00101736 _____ C:\Users\Jesse\Downloads\PPLPowerPriceLevelsPro (1).zip
2017-02-01 18:03 - 2017-02-01 18:03 - 00141747 _____ C:\Users\Jesse\Downloads\PPLBonusPackageGold.zip
2017-02-01 15:17 - 2017-02-01 15:17 - 00010668 _____ C:\Users\Jesse\Downloads\nativeplayback (3).collab
2017-01-31 22:53 - 2017-02-02 16:38 - 00000000 ____D C:\Users\Jesse\Desktop\NinjaTrader
2017-01-31 22:27 - 2017-02-03 18:23 - 00379802 _____ C:\Windows\ntbtlog.txt
2017-01-31 22:12 - 2017-01-31 22:12 - 00006628 _____ C:\TDSSKiller.3.1.0.12_31.01.2017_22.12.09_log.txt
2017-01-31 22:07 - 2017-01-31 22:09 - 00245226 _____ C:\TDSSKiller.3.1.0.12_31.01.2017_22.07.14_log.txt
2017-01-31 22:04 - 2017-01-31 22:04 - 04656523 _____ C:\Users\Jesse\Downloads\tdsskiller.zip
2017-01-31 22:04 - 2017-01-31 22:04 - 00000436 _____ C:\TDSSKiller.3.1.0.11_31.01.2017_22.04.20_log.txt
2017-01-31 20:20 - 2017-01-31 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jesse\Downloads\rkill.exe
2017-01-31 20:07 - 2017-01-31 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-31 20:07 - 2017-01-31 20:07 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-31 20:06 - 2017-01-31 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-31 20:03 - 2017-01-31 20:03 - 09741664 _____ (SurfRight B.V.) C:\Users\Jesse\Downloads\HitmanPro_x64.exe
2017-01-31 19:23 - 2017-01-31 19:23 - 00000000 ____D C:\Users\Jesse\Desktop\ProcessMonitor
2017-01-31 19:22 - 2017-01-31 19:22 - 00998093 _____ C:\Users\Jesse\Downloads\ProcessMonitor.zip
2017-01-30 14:08 - 2017-01-30 14:08 - 00460409 _____ C:\Users\Jesse\Downloads\Sp2Module6DBAJan2017.pdf
2017-01-29 18:13 - 2017-01-29 18:15 - 316407582 _____ C:\Users\Jesse\Downloads\Project_Ozone_2-Server-v.2.2.4.zip
2017-01-29 16:35 - 2017-01-29 16:35 - 00012033 _____ C:\Users\Jesse\Downloads\GomVolumeLadder3.4.zip
2017-01-29 15:44 - 2017-01-29 15:44 - 00000115 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-01-29 15:42 - 2017-01-29 15:44 - 00000000 ____D C:\Users\Jesse\Documents\NinjaTrader 7
2017-01-29 15:42 - 2017-01-29 15:42 - 00000000 ____D C:\Users\Jesse\Documents\NinjaTrader Backup
2017-01-29 15:42 - 2017-01-29 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NinjaTrader 7
2017-01-29 15:42 - 2017-01-29 15:42 - 00000000 ____D C:\Program Files (x86)\NinjaTrader 7
2017-01-29 15:39 - 2017-01-29 15:39 - 00291760 _____ (NinjaTrader, LLC) C:\Users\Jesse\Downloads\Unconfirmed 33049.crdownload
2017-01-29 15:39 - 2017-01-29 15:39 - 00291760 _____ (NinjaTrader, LLC) C:\Users\Jesse\Downloads\setup.exe
2017-01-27 16:27 - 2017-01-27 16:27 - 00010668 _____ C:\Users\Jesse\Downloads\nativeplayback (2).collab
2017-01-25 19:24 - 2017-01-25 19:24 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-25 19:24 - 2017-01-25 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-25 19:24 - 2017-01-25 19:24 - 00000000 ____D C:\Program Files\Java
2017-01-25 19:23 - 2017-01-25 19:23 - 64153152 _____ (Oracle Corporation) C:\Users\Jesse\Downloads\jre-8u121-windows-x64.exe
2017-01-25 19:23 - 2017-01-25 19:23 - 00738368 _____ (Oracle Corporation) C:\Users\Jesse\Downloads\jre-8u121-windows-i586-iftw.exe
2017-01-25 19:21 - 2017-01-31 19:54 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-01-25 19:17 - 2017-01-25 19:17 - 00738880 _____ (Oracle Corporation) C:\Users\Jesse\Downloads\chromeinstall-8u121.exe
2017-01-25 18:53 - 2017-01-25 18:54 - 154988284 _____ C:\Users\Jesse\Downloads\FTBInfinityLite110Server_1.5.1.zip
2017-01-25 18:51 - 2017-01-25 18:51 - 20220108 _____ C:\Users\Jesse\Downloads\FTBInfinityLite110-1.5.1-1.10.2.zip
2017-01-25 18:39 - 2017-01-25 18:39 - 00000000 ____D C:\Users\Jesse\Documents\Curse
2017-01-25 16:52 - 2017-01-25 16:52 - 00010668 _____ C:\Users\Jesse\Downloads\nativeplayback (1).collab
2017-01-24 12:03 - 2017-01-24 12:03 - 00010733 _____ C:\Users\Jesse\Downloads\meeting (5).collab
2017-01-17 19:21 - 2017-01-17 19:21 - 00010732 _____ C:\Users\Jesse\Downloads\meeting (4).collab
2017-01-17 12:04 - 2017-01-17 12:04 - 00010733 _____ C:\Users\Jesse\Downloads\meeting (3).collab
2017-01-17 09:38 - 2017-01-17 09:38 - 00010728 _____ C:\Users\Jesse\Downloads\meeting (2).collab
2017-01-17 09:36 - 2017-01-17 09:36 - 00010734 _____ C:\Users\Jesse\Downloads\meeting (1).collab
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-15 21:11 - 2016-08-17 17:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-15 21:03 - 2016-08-25 15:20 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:59 - 2016-06-21 20:46 - 00000000 ____D C:\Users\Jesse\AppData\Local\Spotify
2017-02-15 20:55 - 2016-06-21 20:45 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Spotify
2017-02-15 20:48 - 2016-06-20 19:23 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-15 20:43 - 2016-11-03 20:46 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Skype
2017-02-15 20:40 - 2014-10-15 11:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-15 20:39 - 2016-07-09 12:50 - 00005610 _____ C:\IFRToolLog.txt
2017-02-15 20:37 - 2016-06-20 19:03 - 00000000 ___DO C:\Users\Jesse\OneDrive
2017-02-15 20:35 - 2016-09-01 21:00 - 00000000 ____D C:\Users\Jesse\AppData\Local\LogMeIn Hamachi
2017-02-15 20:34 - 2016-08-17 17:12 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-15 20:34 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-15 20:33 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-15 20:32 - 2016-12-16 21:28 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-15 20:31 - 2016-08-26 18:54 - 00000000 ____D C:\Users\Jesse\Desktop\Anti-Virus
2017-02-15 20:21 - 2016-06-22 00:16 - 00000000 ____D C:\Users\Jesse\AppData\Local\CrashDumps
2017-02-15 20:14 - 2016-06-20 20:34 - 00007595 _____ C:\Users\Jesse\AppData\Local\Resmon.ResmonCfg
2017-02-15 20:00 - 2016-08-16 13:00 - 00000000 ____D C:\Users\Jesse\Desktop\FLVS
2017-02-15 19:17 - 2016-08-23 16:04 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\UDP Software
2017-02-15 19:16 - 2016-11-01 13:44 - 00081408 ___SH C:\Users\Jesse\Desktop\Thumbs.db
2017-02-15 18:54 - 2016-06-20 19:02 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9BDAC814-E8C7-4E47-8FE3-18A2FF2BA55D}
2017-02-15 18:13 - 2016-06-20 18:58 - 00000000 ____D C:\Users\Jesse\AppData\Local\Packages
2017-02-15 02:00 - 2016-08-17 17:12 - 00000000 ____D C:\Users\Jesse\AppData\Local\Adobe
2017-02-14 22:11 - 2016-08-17 17:13 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 22:11 - 2016-08-17 17:12 - 00003858 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 22:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 22:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 08:56 - 2016-06-22 08:14 - 00000000 ____D C:\Users\Jesse\AppData\Local\ElevatedDiagnostics
2017-02-13 19:52 - 2016-06-21 15:53 - 00000000 ____D C:\Users\Jesse\Documents\Visual Studio 2015
2017-02-13 14:00 - 2016-06-21 01:09 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-12 16:57 - 2016-06-20 19:04 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4220691065-1076060140-1043838160-1001
2017-02-12 16:22 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2017-02-11 21:34 - 2016-06-20 19:42 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 17:05 - 2016-08-16 12:53 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Audacity
2017-02-07 16:07 - 2017-01-15 14:40 - 00000000 ____D C:\tmp
2017-02-06 18:55 - 2016-06-20 19:14 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 03:24 - 2016-11-04 20:11 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\obs-studio
2017-02-03 17:31 - 2016-06-20 19:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-03 07:36 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-02 19:02 - 2016-09-02 15:06 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Curse Client
2017-02-02 15:34 - 2016-06-20 18:56 - 00000000 ____D C:\Users\Jesse
2017-02-02 14:41 - 2016-06-20 19:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-31 22:53 - 2016-08-26 18:43 - 00000000 ____D C:\Users\Jesse\Desktop\Game Dev
2017-01-31 22:10 - 2016-09-02 14:03 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-31 22:09 - 2016-08-07 08:57 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-31 21:00 - 2016-12-04 00:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-31 20:35 - 2016-06-20 19:10 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-01-29 01:34 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-29 01:34 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2017-01-26 16:23 - 2016-11-16 22:41 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\.minecraft
2017-01-19 03:05 - 2016-12-14 00:48 - 00003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 03:05 - 2016-09-28 11:52 - 00003182 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4220691065-1076060140-1043838160-1001
2017-01-19 03:05 - 2016-09-28 11:52 - 00002349 _____ C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== Files in the root of some directories =======
 
2016-06-20 18:58 - 2017-02-15 20:35 - 4015721 _____ () C:\Users\Jesse\AppData\Local\BTServer.log
2016-06-20 20:34 - 2017-02-15 20:14 - 0007595 _____ () C:\Users\Jesse\AppData\Local\Resmon.ResmonCfg
2014-10-06 04:08 - 2014-10-06 04:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-02-02 16:25 - 2017-02-02 16:25 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-01-29 15:44 - 2017-01-29 15:44 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-12-16 21:28 - 2017-02-15 20:37 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-16 21:28 - 2017-02-15 20:32 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-02-01 21:51 - 2017-02-01 21:51 - 0017408 _____ () C:\Users\Jesse\AppData\Local\Temp\jansi-64-1.8.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-11 06:54
 
==================== End of FRST.txt ============================
#2 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 16 February 2017 - 02:49 AM

Hello Y_o_p, and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely

Best regards
If I don't reply within 24 hours please PM me!

#3 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 16 February 2017 - 04:19 AM

Hi again,

 

Please run AdwCleaner again, and this time also press the delete button. Post the log file in your next reply.

===============================

FRST Fixlist run:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

CreateRestorePoint:
CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36477826.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36477826.sys => ""="Driver"
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
HKLM\...\StartupApproved\StartupFolder: => "Kaspersky Software Updater Beta.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\...\StartupApproved\Run: => "KSS"
FirewallRules: [TCP Query User{66649C6C-1472-498A-8672-E27FA4AA34DD}C:\users\jesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\jesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9EAB1495-0279-4880-83EF-9EC62980F372}C:\users\jesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\jesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{05A40A4C-73E4-4A57-8BE4-DFEF86D1E2D3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{B5C8EFD8-AFB8-4978-9AD8-23A846FB8DBB}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-4220691065-1076060140-1043838160-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4220691065-1076060140-1043838160-1001 -> {6A949577-27F6-4678-9A73-A87CD99A1879} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF DefaultProfile: 5lm214p6.default
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\5lm214p6.default [2017-02-15]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
CHR HomePage: Default -> hxxps://blu169.mail.live.com/default.aspx?id=64855
CHR StartupUrls: Default -> "hxxps://blu169.mail.live.com/default.aspx?id=64855"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [emhginjpijfggbofeediiojmdlmlkoik] - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hikeppggmbhdgodhakicedaejpleoigm] - hxxps://clients2.google.com/service/update2/crx
2017-02-03 16:53 - 2017-02-03 16:53 - 01663040 _____ (Malwarebytes) C:\Users\Jesse\Downloads\JRT.exe
C:\Users\Jesse\Downloads\GomBaseAndDeltaPackage.2.6 (1).zip
C:\Users\Jesse\Downloads\GomVolumeLadder3.4 (1).zip
C:\Users\Jesse\Downloads\PPLPowerPriceLevelsPro (1) (1).zip
C:\Users\Jesse\Downloads\PPLPowerPriceLevelsPro (1).zip
C:\Users\Jesse\AppData\Local\Resmon.ResmonCfg
C:\Users\Jesse\Desktop\Thumbs.db
C:\ProgramData\DP45977C.lfl
C:\Users\Jesse\AppData\Local\BTServer.log
C:\Users\Jesse\AppData\Local\Temp\jansi-64-1.8.dll
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

===================================================================================

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Have a nice day.


Best regards
If I don't reply within 24 hours please PM me!
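
The fixlist above is a script that FRST executes line by line: registry entries are removed, browser entries are reset or removed, firewall rules are removed, file paths are moved to quarantine, and colon-terminated directives such as CreateRestorePoint: and EmptyTemp: run as commands (the removal and quarantine behaviour is what FRST states in the log headers quoted earlier in this thread). Because the script runs with no confirmation once Fix is pressed, a helper or the person running it benefits from a quick triage pass first. The Python below is an added example and is not part of this thread or a Farbar tool; it classifies each line, counts the categories and flags anything a reviewer should look at twice. SAMPLE_FIXLIST is a constructed subset of the posted fix plus one deliberately added line (volsnap.sys, a protected system file that is NOT in the posted fix) to show the system-location flag.

```python
"""Triage an FRST fixlist before pressing Fix.

Added example, not part of the BleepingComputer thread and not a Farbar tool.
Categories follow what FRST states in its own log headers: registry entries
listed in a fixlist are removed, file/folder paths are moved to quarantine,
colon-terminated directives run as commands. SAMPLE_FIXLIST is a constructed
subset of the posted fix plus one risky line (volsnap.sys) that is NOT in it.
"""
import re
from collections import Counter

DIRECTIVES = {"CreateRestorePoint:", "CloseProcesses:", "Hosts:", "EmptyTemp:", "Reboot:"}
BROWSER_PREFIXES = ("CHR ", "FF ", "SearchScopes:")
REGISTRY_PREFIXES = ("HKLM", "HKU\\", "HKCU", "HKCR")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
LISTING_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")   # an FRST log line pasted verbatim
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", ":\\program files")

SAMPLE_FIXLIST = r"""
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [TCP Query User{05A40A4C-73E4-4A57-8BE4-DFEF86D1E2D3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
2017-02-03 16:53 - 2017-02-03 16:53 - 01663040 _____ (Malwarebytes) C:\Users\Jesse\Downloads\JRT.exe
C:\Users\Jesse\AppData\Local\Temp\jansi-64-1.8.dll
C:\Windows\system32\Drivers\volsnap.sys
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
"""


def classify(line):
    """Return (category, target) for one fixlist line; target is what FRST acts on."""
    s = line.strip()
    if not s:
        return "blank", ""
    if s in DIRECTIVES:
        return "directive", s
    if s.startswith("CMD:"):
        return "command", s[4:].strip()
    if s.startswith("FirewallRules:"):
        return "firewall", s
    if s.startswith(BROWSER_PREFIXES):
        return "browser", s
    if s.startswith(REGISTRY_PREFIXES):
        return "registry", s.split(" <=====")[0]     # drop FRST's own ATTENTION marker
    m = PATH_RE.search(s)
    if m and (m.start() == 0 or LISTING_RE.match(s)):
        return "file", m.group(0)                    # bare path, or path at the end of a log line
    return "unknown", s


def triage(text):
    """Count lines per category and collect the lines a reviewer should check twice."""
    counts, flags = Counter(), []
    for n, line in enumerate(text.splitlines(), 1):
        cat, target = classify(line)
        if cat == "blank":
            continue
        counts[cat] += 1
        if cat == "file" and any(d in target.lower() for d in SYSTEM_DIRS):
            flags.append((n, f"system location, confirm it is really malicious: {target}"))
        if "<===== ATTENTION" in line:
            flags.append((n, f"FRST itself marked this entry ATTENTION: {target}"))
        if cat == "command":
            flags.append((n, f"command FRST will execute: {target}"))
        if cat == "unknown":
            flags.append((n, f"unrecognised syntax, check before running: {target}"))
    return counts, flags


if __name__ == "__main__":
    counts, flags = triage(SAMPLE_FIXLIST)
    for cat, n in sorted(counts.items()):
        print(f"{n:3} {cat}")
    for n, msg in flags:
        print(f"line {n}: {msg}")
```

Run it against the real fixlist by reading fixlist.txt into triage(). Every flag is a prompt to re-read the line, not a verdict: the regfile entry is flagged only because FRST marked it, and a system-location hit on a file you did not put in the list yourself is the one to stop on.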

#4 Y_o_p

  • Topic Starter
  • Members
  • 9 posts

Posted 16 February 2017 - 07:48 PM

Hello, thank you for your swift reply. I must add that I have had this issue for months, and have just now decided to try to post to a forum for help. I have also used JRT a few weeks ago, and will attach that old file. Even after using JRT the problem persisted. I will post a new JRT scan however. Something else I'll mention is that I had to close Chrome to actually pick up on the adware that's scanned with AdwCleaner. If Chrome is open, and I scan, it finds nothing.
 
Here's ADWCleaner
 
# AdwCleaner v6.043 - Logfile created 16/02/2017 at 19:18:02
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Local]
# Operating System : Windows 8.1  (X64)
# Username : Jesse - JESSEASUS
# Running from : C:\Users\Jesse\Desktop\Anti-Virus\adwcleaner_6.043.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - default-search.net
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearchdial.com
Chrome pref Found:  [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1107 Bytes] - [25/08/2016 15:28:31]
C:\AdwCleaner\AdwCleaner[C2].txt - [1815 Bytes] - [31/01/2017 19:54:53]
C:\AdwCleaner\AdwCleaner[C3].txt - [2012 Bytes] - [03/02/2017 17:02:32]
C:\AdwCleaner\AdwCleaner[C4].txt - [2266 Bytes] - [03/02/2017 19:36:55]
C:\AdwCleaner\AdwCleaner[C5].txt - [2770 Bytes] - [15/02/2017 20:32:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [1236 Bytes] - [25/08/2016 15:21:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [2482 Bytes] - [03/02/2017 18:08:59]
C:\AdwCleaner\AdwCleaner[S11].txt - [2175 Bytes] - [03/02/2017 19:25:17]
C:\AdwCleaner\AdwCleaner[S12].txt - [2630 Bytes] - [03/02/2017 19:27:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [2375 Bytes] - [03/02/2017 19:36:33]
C:\AdwCleaner\AdwCleaner[S14].txt - [2852 Bytes] - [15/02/2017 20:32:20]
C:\AdwCleaner\AdwCleaner[S15].txt - [2616 Bytes] - [16/02/2017 19:16:11]
C:\AdwCleaner\AdwCleaner[S16].txt - [2261 Bytes] - [16/02/2017 19:18:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [1271 Bytes] - [26/08/2016 15:52:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1355 Bytes] - [30/08/2016 20:12:57]
C:\AdwCleaner\AdwCleaner[S3].txt - [1428 Bytes] - [11/09/2016 17:45:11]
C:\AdwCleaner\AdwCleaner[S4].txt - [1501 Bytes] - [16/09/2016 12:37:35]
C:\AdwCleaner\AdwCleaner[S5].txt - [1574 Bytes] - [16/09/2016 19:30:33]
C:\AdwCleaner\AdwCleaner[S6].txt - [1860 Bytes] - [31/01/2017 19:52:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [1793 Bytes] - [31/01/2017 22:00:03]
C:\AdwCleaner\AdwCleaner[S8].txt - [1866 Bytes] - [03/02/2017 16:57:32]
C:\AdwCleaner\AdwCleaner[S9].txt - [2321 Bytes] - [03/02/2017 17:02:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S16].txt - [2992 Bytes] ##########
 
Here's the OLD JRT scan
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64 
Ran by Jesse (Administrator) on Fri 02/03/2017 at 16:57:44.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\Program Files (x86)\GUT1668.tmp (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Jing (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/03/2017 at 17:00:21.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Here's the NEW JRT scan.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64 
Ran by Jesse (Administrator) on Thu 02/16/2017 at 19:41:53.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/16/2017 at 19:43:54.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Y_o_p, 16 February 2017 - 07:50 PM.


#5 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 17 February 2017 - 06:21 AM

Hi,

 

Please download ZHPCleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot (image not preserved).
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

==============================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • Click Settings > Advanced and tick "I have read the warning and wish to proceed anyway".
  • Untick the box next to Auto Launch.
  • Scan type > Smart scan (default).
  • Close all open files, folders and browsers.
  • Click Scan now ("Run as Administrator") and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.

#6 Y_o_p

  • Topic Starter
  • Members
  • 9 posts

Posted 17 February 2017 - 10:28 AM

I scanned with ZHP and it found around 15 things, and asked if I had downloaded two servers. Said yes because I wasn't sure. Then did the Zemana scan, and it didn't find anything. Restarted my PC; decided to scan again with ZHP except this time it only found the one server and decided to delete it. Sadly a new .txt replaced the older one, so I can't paste it here. I can only paste the new one.
 
UPDATE - Deleting this server file seemed to mess up my browser, and I couldn't connect to it. So I'm performing a system restore.
 
My computer restored successfully to yesterday when I did the JRT scan. I'll make sure to rescan my computer with ZHP, and paste the results.
 
~ ZHPCleaner v2017.2.16.28 by Nicolas Coolman (2017/02/16)
~ Run by Jesse (Administrator)  (17/02/2017 10:09:00)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Jesse\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Jesse\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (2)
MOVED file: C:\Users\Jesse\AppData\Local\Temp\wct9439.tmp    =>.Superfluous.Temporary.Various
MOVED folder^: C:\Users\Jesse\AppData\Local\Temp\scoped_dir5608_13139  =>.Superfluous.Temporary.Steam
 
 
---\\  Registry ( Key, Value, Data) (1)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{145EC7C0-A1A8-485C-8B3F-4AA89E499F09}\\DhcpNameServer [Bad : 75.114.81.1 75.114.81.2]  =>Hijacker.Browser
 
 
---\\  Summary of the elements found (3)
 
 
---\\  Other deletions. (10)
~ Registry Keys Tracing deleted (10)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.
 
 
---\\ Statistics
~ Items scanned : 271
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 3
 
 
~ End of clean in 00h00mn13s
~====================
ZHPCleaner-[R]-17022017-09_23_46.txt
ZHPCleaner-[R]-17022017-10_09_13.txt
ZHPCleaner-[S]-17022017-09_17_17.txt
ZHPCleaner-[S]-17022017-10_04_36.txt

Edited by Y_o_p, 17 February 2017 - 10:59 AM.


#7 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 18 February 2017 - 07:04 AM

Thanks,


Step 1:

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Step 2:

ESET Online Scanner:
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful.
  • Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!


Best regards
 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 21 February 2017 - 12:29 PM

Are you with me ?


Best regards
 


#9 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 22 February 2017 - 11:34 AM

Hello,


4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 


#10 Y_o_p

Y_o_p
  • Topic Starter

  • Members
  • 9 posts

Posted 23 February 2017 - 03:43 PM

Yes I am still here, give me a little more time and I will post the results.



#11 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 23 February 2017 - 05:37 PM

So, I am waiting.


Best regards
 


#12 Y_o_p

Y_o_p
  • Topic Starter

  • Members
  • 9 posts

Posted 23 February 2017 - 06:42 PM

ESET did not find anything.


RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Jesse [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/20/2017 16:14:23 (Duration : 00:40:05)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4220691065-1076060140-1043838160-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
--- User ---
[MBR] 5226faf45f4ed15dcfb8c8a78e0462f5
[BSP] df7e08fbfefd37d3fe58cce9e2688d45 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 800 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1640448 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2172928 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2435072 | Size: 938414 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1924306944 | Size: 14266 MB
User = LL1 ... OK
User = LL2 ... OK


#13 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 24 February 2017 - 02:56 AM

I should also see the results of the Zemana AntiMalware and ESET scans.


Best regards
 


#14 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 27 February 2017 - 04:26 AM

Hello,


3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


Best regards
 


#15 Y_o_p

Y_o_p
  • Topic Starter

  • Members
  • 9 posts

Posted 01 March 2017 - 09:46 PM

I scanned with ESET and Zemana and they both didn't find anything; is there a way to find the logs?

I scanned with hitman and adw; they don't find anything anymore. Does this mean it's clean?


HitmanPro 3.7.15.281
www.hitmanpro.com
 
   Computer name . . . . : JESSEASUS
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : JESSEASUS\Jesse
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2017-03-01 21:30:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 87
 
   Objects scanned . . . : 2,865,632
   Files scanned . . . . : 88,079
   Remnants scanned  . . : 906,162 files / 1,871,391 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Jesse\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,420,736 bytes
      Age  . . . . . . . : 26.1 days (2017-02-03 18:51:11)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 566708D6E5A537F1C4EC62431527D89046779755355E43945323E021DD13A742
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
   C:\Users\Jesse\Desktop\FRST64.exe
      Size . . . . . . . : 2,422,272 bytes
      Age  . . . . . . . : 14.0 days (2017-02-15 21:11:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CF24D99F8C30A15CB41B8995DF822E7740CE3E2494FA973B207B97AADB52C9D3
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Jesse\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         -0.1s C:\Users\Jesse\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
          0.0s C:\Users\Jesse\Desktop\FRST64.exe
          0.2s C:\Users\Jesse\Desktop\FRST-OlderVersion\
 
   C:\Users\Jesse\Downloads\FRST64.exe
      Size . . . . . . . : 2,420,736 bytes
      Age  . . . . . . . : 26.1 days (2017-02-03 18:51:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 566708D6E5A537F1C4EC62431527D89046779755355E43945323E021DD13A742
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
 
Cookies _____________________________________________________________________
 