Family Computer Loaded With Viruses

This is a discussion on Family Computer Loaded With Viruses within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 11-26-2015, 02:10 PM   #1
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Recently my brother was complaining about popups and other weird stuff on the computer. I took a look at it, and saw a few popups. I downloaded Malwarebytes, ran it and saw 210 reports. I removed them, but I want to make sure everything is gone. This PC is Windows 8.1 and DDS won't work. What do I need to post?
Wolfy-Friend is offline  
Old 11-27-2015, 12:23 AM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

My name is Tolga and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download all requested tools to your Desktop and run them from there.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we? Please do the following steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 11-27-2015, 12:18 PM   #3
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



I ran the two programs listed. Here is the AdwCleaner log:

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 14:10:00
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Bobby - KIDS
# Running from : C:\Users\Bobby\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_five-nights-at-freddys-4.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_five-nights-at-freddys-4.en.softonic.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\DownloadAdmin

***** [ Web browsers ] *****

[-] [C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT
[-] [C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgMVggTEw0VbQkPBwpcFQZBJRQAVAgTDFBGdVoIBQATEQAUcx9aFQQTQkcFME0FBloEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
[-] [C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1809 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by Bobby (administrator) on KIDS (27-11-2015 14:14:30)
Running from C:\Users\Bobby\Desktop
Loaded Profiles: Bobby (Available Profiles: Bobby)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sysinternals - www.sysinternals.com) C:\Users\Bobby\Saved Games\Desktops.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Zelotes Electronic Technology Co., Ltd.) C:\Program Files\zelotesMouse\zelotes.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-10-26] (LogMeIn Inc.)
HKU\S-1-5-21-2549109481-98264164-474337781-1001\...\Run: [Sysinternals Desktops] => C:\Users\Bobby\Saved Games\Desktops.exe [116824 2015-08-22] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-2549109481-98264164-474337781-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{4DF94DCE-C2B0-4B1A-A2FB-0F2C41A696AF}: [DhcpNameServer] 10.12.12.12
Tcpip\..\Interfaces\{8E364B5C-7A6D-47C6-A2F7-44764D16DCA9}: [DhcpNameServer] 10.12.12.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2549109481-98264164-474337781-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2549109481-98264164-474337781-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = ROBLOX.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {445F84DC-BB86-4225-B4B6-3E2C295CB0BE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {445F84DC-BB86-4225-B4B6-3E2C295CB0BE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2549109481-98264164-474337781-1001 -> {445F84DC-BB86-4225-B4B6-3E2C295CB0BE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2549109481-98264164-474337781-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2549109481-98264164-474337781-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\9vhh253a.default
FF Homepage: user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-13] ()
FF Plugin HKU\S-1-5-21-2549109481-98264164-474337781-1001: @nsroblox.roblox.com/launcher -> C:\Users\Bobby\AppData\Local\Roblox\Versions\version-cdc47f439edb4527\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2549109481-98264164-474337781-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Bobby\AppData\Local\Roblox\Versions\version-cdc47f439edb4527\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2549109481-98264164-474337781-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bobby\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
CHR Profile: C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-24]
CHR Extension: (Agar.io Powerups) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\efedcgdhahoncejkihgfnecicebndbhc [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-10-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2013-09-18] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-09-18] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-10-26] (LogMeIn Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-27 14:14 - 2015-11-27 14:14 - 00018369 _____ C:\Users\Bobby\Desktop\FRST.txt
2015-11-27 14:14 - 2015-11-27 14:14 - 00000000 ____D C:\FRST
2015-11-27 14:08 - 2015-11-27 14:10 - 00000000 ____D C:\AdwCleaner
2015-11-27 14:04 - 2015-11-27 14:07 - 01733632 _____ C:\Users\Bobby\Desktop\AdwCleaner.exe
2015-11-26 16:08 - 2015-11-26 16:09 - 02348544 _____ (Farbar) C:\Users\Bobby\Desktop\FRST64.exe
2015-11-26 16:00 - 2015-11-26 16:00 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-26 16:00 - 2015-11-26 16:00 - 00000000 _____ C:\Users\Bobby\AppData\Local\{3ECE816A-2FE4-4F01-93F3-C8F29A6CC1D2}
2015-11-26 14:44 - 2015-11-26 14:44 - 00000000 ____D C:\Users\Bobby\AppData\Local\CEF
2015-11-26 14:32 - 2015-11-27 14:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 14:31 - 2015-11-26 14:31 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-26 14:31 - 2015-11-26 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-26 14:31 - 2015-11-26 14:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-26 14:31 - 2015-11-26 14:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-26 14:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-26 14:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-26 14:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-26 11:46 - 2015-11-26 11:46 - 00000000 ____D C:\Users\Bobby\AppData\Local\Bluestacks
2015-11-26 11:44 - 2015-11-26 11:44 - 00591498 _____ ( ) C:\Users\Bobby\Downloads\Unconfirmed 396430.crdownload
2015-11-26 11:43 - 2015-11-27 12:41 - 00000266 _____ C:\WINDOWS\Tasks\ClutterStar24.job
2015-11-26 11:43 - 2015-11-26 11:43 - 00003100 _____ C:\WINDOWS\System32\Tasks\ClutterStar24
2015-11-26 11:42 - 2015-11-27 14:15 - 00000262 _____ C:\WINDOWS\Tasks\AcidEve5.job
2015-11-26 11:42 - 2015-11-26 15:59 - 00000000 ____D C:\Users\Bobby\AppData\Local\LighScal411
2015-11-26 11:42 - 2015-11-26 15:59 - 00000000 ____D C:\Users\Bobby\AppData\Local\GolSho333
2015-11-26 11:42 - 2015-11-26 11:42 - 00003096 _____ C:\WINDOWS\System32\Tasks\AcidEve5
2015-11-26 10:52 - 2015-11-26 10:52 - 00002201 _____ C:\Users\Bobby\Desktop\HP Support Assistant.lnk
2015-11-24 16:23 - 2015-11-24 16:23 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Agarp
2015-11-21 22:02 - 2015-11-21 22:02 - 00010276 _____ C:\Users\Bobby\Downloads\images.jpe
2015-11-21 22:00 - 2015-11-21 22:00 - 00015459 _____ C:\Users\Bobby\Downloads\download.jpe
2015-11-15 22:18 - 2015-11-21 15:37 - 00011540 _____ C:\Users\Bobby\Downloads\cow 2.jpe
2015-11-12 20:15 - 2015-11-26 16:00 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBobby.job
2015-11-12 20:15 - 2015-11-25 21:57 - 00003156 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBobby
2015-11-10 14:50 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 14:50 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 14:50 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 14:50 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 14:50 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 14:50 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 14:50 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 14:50 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 14:50 - 2015-10-30 16:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 14:50 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 14:50 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 14:50 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 14:50 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 14:50 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 14:50 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 14:50 - 2015-10-30 16:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 14:50 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 14:50 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 14:50 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 14:50 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 14:50 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 14:50 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 14:50 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 14:50 - 2015-10-20 15:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 14:50 - 2015-10-20 08:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 14:50 - 2015-10-20 08:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 14:50 - 2015-10-20 08:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 14:50 - 2015-10-20 08:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 14:50 - 2015-10-20 08:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 14:50 - 2015-10-20 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 14:50 - 2015-10-20 08:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 14:50 - 2015-10-20 08:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 14:50 - 2015-10-20 08:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 14:50 - 2015-10-20 08:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 14:50 - 2015-10-20 08:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 14:50 - 2015-10-17 08:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 14:50 - 2015-10-15 10:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 14:50 - 2015-10-15 09:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 14:50 - 2015-10-14 17:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 14:50 - 2015-10-14 17:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 14:50 - 2015-10-14 17:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 14:50 - 2015-10-14 17:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 14:50 - 2015-10-14 17:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 14:50 - 2015-10-13 11:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 14:50 - 2015-10-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 14:50 - 2015-10-13 09:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 14:50 - 2015-10-13 09:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 14:50 - 2015-10-13 09:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 14:50 - 2015-10-13 09:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 14:50 - 2015-10-13 09:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 14:50 - 2015-10-13 09:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 14:50 - 2015-10-11 00:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 14:50 - 2015-10-11 00:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 14:50 - 2015-10-10 12:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 14:50 - 2015-10-10 12:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 14:50 - 2015-10-10 12:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 14:50 - 2015-10-10 11:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 14:50 - 2015-10-10 11:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 14:50 - 2015-10-10 11:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 14:50 - 2015-10-10 10:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 14:50 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 14:50 - 2015-09-29 06:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 14:50 - 2015-09-12 07:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 14:50 - 2015-09-07 10:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 14:50 - 2015-09-07 09:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 14:50 - 2015-09-07 09:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 14:50 - 2015-09-04 13:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 14:50 - 2015-08-28 16:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 14:50 - 2015-08-20 14:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 14:50 - 2015-08-20 11:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 14:50 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 14:50 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 14:50 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 14:50 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 14:50 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-10 14:50 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-10 14:50 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-10 14:50 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-03 20:04 - 2015-11-03 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-03 20:04 - 2015-11-03 20:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-01 14:44 - 2015-11-01 14:44 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's
2015-11-01 14:44 - 2015-11-01 14:44 - 00000000 ____D C:\Program Files (x86)\Five Nights at Freddy's

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-27 14:14 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-11-27 14:12 - 2015-10-12 17:14 - 00000000 ____D C:\Users\Bobby\AppData\Local\LogMeIn Hamachi
2015-11-27 14:11 - 2015-08-05 09:39 - 00000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-11-27 14:11 - 2014-07-24 10:26 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 14:11 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-27 14:10 - 2014-07-24 10:26 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-27 14:01 - 2014-10-24 21:12 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{512DC9F7-0E64-46B2-A3DE-FB7BDF4203DE}
2015-11-27 13:33 - 2014-10-08 16:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-27 07:30 - 2014-09-24 01:15 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 07:30 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-26 18:03 - 2013-04-09 12:13 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2549109481-98264164-474337781-1001
2015-11-26 16:06 - 2013-04-04 13:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-26 16:06 - 2013-04-04 13:23 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-26 16:00 - 2013-08-22 08:44 - 00497064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-26 15:59 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-26 15:59 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-11-26 15:59 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-26 11:46 - 2013-06-26 13:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-11-26 11:44 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-11-26 10:52 - 2013-04-04 13:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-26 10:52 - 2013-04-04 13:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-26 10:52 - 2013-04-04 13:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-26 10:50 - 2012-10-11 21:24 - 00000000 ____D C:\SWSETUP
2015-11-25 08:29 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 08:28 - 2013-09-30 17:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 16:23 - 2013-06-14 09:59 - 00000000 ____D C:\Users\Bobby\Desktop\Games
2015-11-24 12:57 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-24 09:05 - 2014-10-08 16:24 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-11-15 17:04 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 20:17 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-12 20:17 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 20:15 - 2013-07-24 14:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 20:09 - 2013-04-10 12:48 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:37 - 2014-10-08 16:01 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 18:11 - 2014-07-24 10:27 - 00002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-02 22:39 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-02 18:23 - 2014-09-24 03:55 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-02 18:23 - 2014-09-24 03:55 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 14:45 - 2015-10-19 19:29 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\MMFApplications

==================== Files in the root of some directories =======

2014-09-29 21:12 - 2014-09-29 21:12 - 0007602 _____ () C:\Users\Bobby\AppData\Local\Resmon.ResmonCfg
2015-06-30 22:53 - 2015-06-30 22:53 - 0000000 _____ () C:\Users\Bobby\AppData\Local\{02C8D21F-C085-48F6-A6F4-BBAE142242BE}
2015-11-26 16:00 - 2015-11-26 16:00 - 0000000 _____ () C:\Users\Bobby\AppData\Local\{3ECE816A-2FE4-4F01-93F3-C8F29A6CC1D2}
2013-12-06 19:22 - 2013-12-06 19:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-09 14:23 - 2014-12-27 09:54 - 0005710 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Bobby\AppData\Local\Temp\Extract.exe
C:\Users\Bobby\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Bobby\AppData\Local\Temp\SP64076.exe
C:\Users\Bobby\AppData\Local\Temp\sqlite3.dll
C:\Users\Bobby\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-19 23:11

==================== End of FRST.txt ============================
Attached Files
File Type: txt FRST.txt (35.6 KB, 20 views)
File Type: txt Addition.txt (39.2 KB, 24 views)
Wolfy-Friend is offline  
Old 11-28-2015, 07:47 AM   #4
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Ummm okay, I am on my laptop, and I see that the FRST.txt file is also in my last post. I don't know why it did that, but I couldn't and still cannot see it on the malware/virus infested PC. I did however have the FRST.txt and Addition.txt uploaded as attachments.
Wolfy-Friend is offline  
Old 11-28-2015, 04:10 PM   #5
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend, please do the following.

Please go to: VirusTotal

Click the Choose File button.
Please copy/paste the following bolded text into the 'File name:' box:

C:\Users\Bobby\AppData\Local\GOLSHO~1\Golist.exe

Click Open then click the Scan it! button just below.
This will scan the file. Please be patient.
If you get a message saying File already analyzed: click Reanalyse
Once scanned, copy and paste the URL from your browser address bar in your next reply.

=========================================================

Please do the above instructions for the following file.

C:\Users\Bobby\AppData\Local\GolSho333\Goalign.exe


__________________
tekir06 is offline  
Old 11-28-2015, 08:07 PM   #6
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Thanks for the response. But I have a problem.

Those files are not there. In the GolSho folder, there are 3 items: Goanalyze, which is a file; Goreturn.dll, which is an application extension; and Gosegment, which is a file.

Also, that "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT" has started reappearing any time I open any browser.

What do I do now?
Wolfy-Friend is offline  
Old 11-30-2015, 12:19 AM   #7
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Have you tried to view the AppData folder? If you haven't, please do the following.

Control Panel > Folder Options > View > Show hidden files, folders, and drives.
__________________
tekir06 is offline  
Old 11-30-2015, 07:15 AM   #8
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Yes. I looked in the AppData folder. Neither of the files you asked me to scan were in there. I also had Hidden Files showing... Sadly, I cannot find them.

What should I do about the browser hijacker? Right now I have MalwareBytes blocking the site. It doesn't load, but it still is trying to take me there.
Wolfy-Friend is offline  
Old 12-01-2015, 12:34 AM   #9
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

Ok. Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
2015-11-26 11:42 - 2015-11-26 15:59 - 00000000 ____D C:\Users\Bobby\AppData\Local\GolSho333
Task: {058463D5-1710-43CD-919D-2FB33F82B355} - System32\Tasks\ClutterStar24 => C:\Users\Bobby\AppData\Local\GolSho333\Goalign.exe
Task: {35B722AA-9128-4E6A-8BD3-A8CFFD144E4A} - \One System Care Monitor -> No File <==== ATTENTION
Task: {3FF1DF8B-B47D-436E-8A6B-6F0CE298D6E3} - \UpdateAdmin -> No File <==== ATTENTION
Task: {B9205140-44DF-4CFC-9519-4164891D674B} - System32\Tasks\AcidEve5 => C:\Users\Bobby\AppData\Local\GOLSHO~1\Golist.exe
Task: C:\WINDOWS\Tasks\AcidEve5.job => C:\Users\Bobby\AppData\Local\GOLSHO~1\Golist.exe
Task: C:\WINDOWS\Tasks\ClutterStar24.job => C:\Users\Bobby\AppData\Local\GolSho333\Goalign.exe
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
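The fixlist above removes two scheduled tasks that launch executables from the user's AppData\Local folder, two orphaned tasks whose target file no longer exists, and Chrome startup URLs enforced through a policy key. As an added example that is not part of this thread or of FRST, the Python below applies the same triage rules to constructed FRST-style lines (the GUID on the GoogleUpdate line is a placeholder, and hxxp is the defanged spelling FRST uses for http); it flags the entries the analyst targeted and leaves the legitimate updater task alone.

```python
"""Flag suspicious persistence entries in FRST-style log lines.

Added example for this thread (not FRST code and not the analyst's script).
Rules mirror the reasoning behind the fixlist: a scheduled task whose action
lives under a user's AppData folder, a task whose target file is gone, and
Chrome startup URLs or policy keys that a home PC normally does not have.
"""
import re
from typing import Dict, List, Optional

# Constructed sample lines in the shape FRST prints; the GUID on the
# GoogleUpdate line is a placeholder, the others resemble this thread's log.
SAMPLE_LINES = [
    r"Task: {058463D5-1710-43CD-919D-2FB33F82B355} - System32\Tasks\ClutterStar24 => C:\Users\Bobby\AppData\Local\GolSho333\Goalign.exe",
    r"Task: {35B722AA-9128-4E6A-8BD3-A8CFFD144E4A} - \One System Care Monitor -> No File <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\AcidEve5.job => C:\Users\Bobby\AppData\Local\GOLSHO~1\Golist.exe",
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-24] (Google Inc)",
    r'CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=PLACEHOLDER"',
    r"CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION",
]

# "Task: {GUID} - <name> => <target>", "Task: <jobfile> => <target>",
# or "Task: {GUID} - <name> -> No File ..." for an orphaned task.
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]+\}\s+-\s+)?(?P<name>.+?)\s+(?:=>|->)\s+(?P<target>.*)$"
)
# Anything under a user's AppData is writable without admin rights, so a task
# that launches from there deserves a look.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# 8.3 short names such as GOLSHO~1 hide the real folder name in the log.
SHORT_NAME_RE = re.compile(r"~\d+\\")
ORPHAN_RE = re.compile(r"\bNo File\b")
CHR_POLICY_RE = re.compile(r"^CHR HKLM\\SOFTWARE\\Policies\\Google", re.IGNORECASE)
CHR_STARTUP_RE = re.compile(
    r'^CHR (?:StartupUrls|RestoreOnStartup):.*"(?P<url>hxxps?://[^"]+)"'
)


def parse_task(line: str) -> Optional[Dict[str, str]]:
    """Split an FRST 'Task:' line into its name and its action target."""
    m = TASK_RE.match(line)
    if not m:
        return None
    return {"name": m.group("name"), "target": m.group("target")}


def classify(line: str) -> List[str]:
    """Return the list of reasons a line looks like unwanted persistence."""
    reasons: List[str] = []
    task = parse_task(line)
    if task:
        if ORPHAN_RE.search(task["target"]):
            reasons.append("task target missing (leftover persistence)")
        if USER_WRITABLE_RE.search(task["target"]):
            reasons.append("task runs a binary from user-writable AppData")
        if SHORT_NAME_RE.search(task["target"]):
            reasons.append("8.3 short path name, check the long name")
    elif CHR_POLICY_RE.match(line):
        reasons.append("Chrome policy key present on a home PC")
    else:
        m = CHR_STARTUP_RE.match(line)
        if m:
            reasons.append("Chrome startup URL forced: " + m.group("url"))
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the lines that tripped a rule, with their reasons."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            task = parse_task(line)
            entry = task["name"] if task else line.split(":", 1)[0]
            findings.append({"entry": entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["entry"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The rules are deliberately narrow: a task under AppData is not proof of infection (some legitimate updaters install per-user), so the output is a list of entries to inspect, which is how the analyst used the log before writing the fixlist.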
Old 12-01-2015, 06:28 PM   #10
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Thanks. I ran the fixlist; after my computer turned back on, I got on my internet browser of choice. The browser hijacker was not popping up. I am not sure if my computer is 100% clean yet though. I will stay with this thread.

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Bobby (2015-12-01 20:23:25) Run:1
Running from C:\Users\Bobby\Desktop
Loaded Profiles: Bobby (Available Profiles: Bobby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdA4JAwtJFxgTd18LTA1CQ1AOeAwJAxQURABAcF0BAwlEFgYFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
2015-11-26 11:42 - 2015-11-26 15:59 - 00000000 ____D C:\Users\Bobby\AppData\Local\GolSho333
Task: {058463D5-1710-43CD-919D-2FB33F82B355} - System32\Tasks\ClutterStar24 => C:\Users\Bobby\AppData\Local\GolSho333\Goalign.exe
Task: {35B722AA-9128-4E6A-8BD3-A8CFFD144E4A} - \One System Care Monitor -> No File <==== ATTENTION
Task: {3FF1DF8B-B47D-436E-8A6B-6F0CE298D6E3} - \UpdateAdmin -> No File <==== ATTENTION
Task: {B9205140-44DF-4CFC-9519-4164891D674B} - System32\Tasks\AcidEve5 => C:\Users\Bobby\AppData\Local\GOLSHO~1\Golist.exe
Task: C:\WINDOWS\Tasks\AcidEve5.job => C:\Users\Bobby\AppData\Local\GOLSHO~1\Golist.exe
Task: C:\WINDOWS\Tasks\ClutterStar24.job => C:\Users\Bobby\AppData\Local\GolSho333\Goalign.exe
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
RestoreOnStartup => not found.
Chrome StartupUrls => removed successfully
C:\Users\Bobby\AppData\Local\GolSho333 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{058463D5-1710-43CD-919D-2FB33F82B355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{058463D5-1710-43CD-919D-2FB33F82B355}" => key removed successfully
C:\WINDOWS\System32\Tasks\ClutterStar24 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ClutterStar24" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35B722AA-9128-4E6A-8BD3-A8CFFD144E4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35B722AA-9128-4E6A-8BD3-A8CFFD144E4A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FF1DF8B-B47D-436E-8A6B-6F0CE298D6E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FF1DF8B-B47D-436E-8A6B-6F0CE298D6E3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9205140-44DF-4CFC-9519-4164891D674B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9205140-44DF-4CFC-9519-4164891D674B}" => key removed successfully
C:\WINDOWS\System32\Tasks\AcidEve5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcidEve5" => key removed successfully
C:\WINDOWS\Tasks\AcidEve5.job => moved successfully
C:\WINDOWS\Tasks\ClutterStar24.job => moved successfully
EmptyTemp: => 3.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:24:42 ====
Wolfy-Friend is offline  
Old 12-01-2015, 11:21 PM   #11
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

Please do the following.

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on the Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology

Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 12-04-2015, 09:28 AM   #12
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Sorry I have not gotten back to you; I am currently at school as I post this, with ESET running on the PC at home. Hopefully not too much is found.
Wolfy-Friend is offline  
Old 12-04-2015, 03:31 PM   #13
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



OK, I am home; here is what ESET has said about my PC:

C:\Games\Watch Dogs\bin\Watch_Dogs.exe Win64/HackTool.Crack.A potentially unsafe application
C:\Program Files\Strogino CS Portal\Garrys Mod\UltimateNameChanger.exe a variant of Win32/GameTool.D potentially unsafe application
C:\Users\Bobby\Downloads\Unconfirmed 396430.crdownload Win32/Conduit.SearchProtect.AF potentially unwanted application
C:\Windows\Installer\eeab0da.msi a variant of Win32/Verti.Q potentially unwanted application
C:\Windows\Installer\eeab0df.msi a variant of Win32/DownloadAdmin.K potentially unwanted application

I remind you, I do not use this PC. I am not responsible for these files; they are my brother's and sister's.
Wolfy-Friend is offline  
Old 12-05-2015, 03:16 PM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

Ok. I understand. Let's remove the items found by ESET. Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
CreateRestorePoint:
C:\Games\Watch Dogs\bin\Watch_Dogs.exe Win64/HackTool.Crack.A
C:\Program Files\Strogino CS Portal\Garrys Mod\UltimateNameChanger.exe
C:\Users\Bobby\Downloads\Unconfirmed 396430.crdownload Win32/Conduit.SearchProtect.AF
C:\Windows\Installer\eeab0da.msi
C:\Windows\Installer\eeab0df.msi 
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 12-06-2015, 09:54 AM   #15
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Okay, I ran the fixlist. Hope my family doesn't get mad at me for breaking their illegal game downloads... Kidding, they should have bought the game instead of cracking it.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Bobby (2015-12-06 11:38:21) Run:2
Running from C:\Users\Bobby\Desktop
Loaded Profiles: Bobby (Available Profiles: Bobby)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Games\Watch Dogs\bin\Watch_Dogs.exe Win64/HackTool.Crack.A
C:\Program Files\Strogino CS Portal\Garrys Mod\UltimateNameChanger.exe
C:\Users\Bobby\Downloads\Unconfirmed 396430.crdownload Win32/Conduit.SearchProtect.AF
C:\Windows\Installer\eeab0da.msi
C:\Windows\Installer\eeab0df.msi
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Games\Watch Dogs\bin\Watch_Dogs.exe Win64/HackTool.Crack.A" => not found.
C:\Program Files\Strogino CS Portal\Garrys Mod\UltimateNameChanger.exe => moved successfully
"C:\Users\Bobby\Downloads\Unconfirmed 396430.crdownload Win32/Conduit.SearchProtect.AF" => not found.
C:\Windows\Installer\eeab0da.msi => moved successfully
C:\Windows\Installer\eeab0df.msi => moved successfully
EmptyTemp: => 370.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:39:19 ====
Wolfy-Friend is offline  
Old 12-07-2015, 01:20 AM   #16
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

Quote:
they should have bought the game instead of cracking it.
You're right. You can warn them about this issue.

Please do the following. Then please tell me how the machine is behaving now. What problems do you still have?


Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 12-07-2015, 07:43 PM   #17
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



Okay, I ran Malwarebytes. Scanned my PC and only a little bit of Non-Malware was detected.
Attached Files
File Type: txt Malwarebytes.txt (1.5 KB, 23 views)
Wolfy-Friend is offline  
Old 12-08-2015, 12:38 AM   #18
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

Thanks for the log. Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP


Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 8.1

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 8.1 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
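The MVPS HOSTS file approach described above works because the operating system consults the hosts file before it asks DNS, so a name mapped to 127.0.0.1 never reaches the real ad server. The Python below is an added example, not MVPS code and not from this thread: it parses a constructed hosts excerpt with the rules the resolver applies (comments, several names on one line, first match wins, names compared case-insensitively) and reports which names are sinkholed; the 0.0.0.0 entry shows the other sink address commonly used alongside the 127.0.0.1 the post mentions.

```python
"""How a blocking HOSTS file works: a minimal resolver over hosts syntax.

Added example for this thread (not MVPS code). It applies the same lookup
rules the OS uses for the hosts file so the effect of a sink entry is visible.
"""
from typing import List, Optional, Tuple

# Constructed excerpt; the domains are illustrative and not taken from MVPS.
SAMPLE_HOSTS = """\
# Header lines and trailing comments are ignored by the resolver
127.0.0.1  localhost
0.0.0.0    ads.example.invalid  # 0.0.0.0 is the other common sink address
127.0.0.1  tracker.example.invalid www.tracker.example.invalid
127.0.0.1  ADS.EXAMPLE.INVALID   # later duplicate; the first match wins
"""

# Addresses that send the connection nowhere useful: loopback or unspecified.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# localhost legitimately maps to loopback and must not count as "blocked".
LOOPBACK_NAMES = {"localhost"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs in file order, names lower-cased."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                     # address with no names: skip
            continue
        address, *names = parts
        for name in names:                     # one line may list many names
            entries.append((address, name.lower()))
    return entries


def resolve(hostname: str, entries: List[Tuple[str, str]]) -> Optional[str]:
    """Mimic hosts precedence: first matching name wins; None means 'ask DNS'."""
    target = hostname.lower()
    for address, name in entries:
        if name == target:
            return address
    return None


def is_blocked(hostname: str, entries: List[Tuple[str, str]]) -> bool:
    """True when the hosts file sends this name to a sink address."""
    if hostname.lower() in LOOPBACK_NAMES:
        return False
    address = resolve(hostname, entries)
    return address is not None and address in SINK_ADDRESSES


def blocked_domains(entries: List[Tuple[str, str]]) -> List[str]:
    """Every distinct name the file sinkholes, in file order."""
    seen = set()
    out: List[str] = []
    for address, name in entries:
        if address in SINK_ADDRESSES and name not in LOOPBACK_NAMES and name not in seen:
            seen.add(name)
            out.append(name)
    return out


SAMPLE_ENTRIES = parse_hosts(SAMPLE_HOSTS)

if __name__ == "__main__":
    for name in ("ads.example.invalid", "unlisted.example.invalid"):
        print(name, "->", resolve(name, SAMPLE_ENTRIES), "blocked:", is_blocked(name, SAMPLE_ENTRIES))
```

On Windows the live file is C:\Windows\System32\drivers\etc\hosts, and the same parser can be pointed at it to audit what a downloaded hosts file will actually block before replacing the original.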
Old 12-08-2015, 03:24 PM   #19
Registered Member
 
Join Date: May 2015
Location: San Antonio, Texas
Posts: 79
OS: Windows 10 x64



I ran DelFix, but... I have a problem...

That internet browser hijacker is back. The only things that have been downloaded were the programs listed. I need help again...
Wolfy-Friend is offline  
Old 12-09-2015, 03:53 AM   #20
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Wolfy-Friend,

Weird. Your reports seemed clean. Ok. Which browser is this happening in? Does it happen in all browsers?

Please re-run FRST tool and attach fresh FRST.txt and Addition.txt.
__________________
tekir06 is offline  
 
