slow computer - malware - blocked from attaching addition.txt

Old 01-21-2020, 08:22 AM   #1
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by ron (administrator) on DESKTOP-T7FEF9L (Dell Inc. OptiPlex 7010) (21-01-2020 10:10:53)
Running from C:\Users\ron\Downloads
Loaded Profiles: ron (Available Profiles: ron)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2917632 2016-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2016-11-22] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178912 2016-05-09] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [DellSystemDetect] => C:\Users\ron\AppData\Local\Apps\2.0\TDKK3HDC.PKC\DXLOK7LW.LM0\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe [313264 2017-07-21] (Dell Inc -> Dell)
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [Chromium] => c:\users\ron\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06661EBD-EFC8-4105-8A0A-9DD03AB896FB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {07070EC9-85EB-419E-83BB-C177B3970A43} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {09242B71-6269-4786-8564-E03237145E03} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {523F3693-07ED-49F0-9EC5-9F9F088C25A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5BAF6494-726E-45CD-B796-4AC09882041C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {61286F8D-BEFE-4E56-A9D6-59AD1242D5CD} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3917128 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {67DA32EB-6202-483E-82ED-CD6DA817561B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {68BC3FF4-5054-40CE-9009-F16A13426F29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {7C7BA83D-D8A4-4222-8CB7-F1713CD8A0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-23] (Google Inc -> Google Inc.)
Task: {A0BAADFC-5A1F-4BC1-A76A-9EEB83DCB434} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {A4A5CA02-D9D9-4748-878C-92D8E395AE97} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {B4787F19-F475-405A-B819-294EEBD9DD0D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5753752 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {BC921946-1FBE-4F98-A93F-D5D6CF2A4796} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {C1312372-9244-44A0-8BCF-48E799B1E670} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [435672 2017-05-29] (Dell Inc. -> PC-Doctor, Inc.)
Task: {C3EBD308-8D32-4F34-927A-3C183B439451} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-23] (Google Inc -> Google Inc.)
Task: {F050493F-9257-4C53-A4C4-326A5249E61F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6193080 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CouponViewer Toolbar.job => C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVHP.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b7e96db6-2283-43b8-be95-9b21cc9a539d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-06-14] (Google Inc -> Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-06-14] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-06-14] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-06-14] (Google Inc -> Google Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]

Edge:
======
DownloadDir: C:\Users\ron\Downloads

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075259716-4219239708-4241734008-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-06-27] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3075259716-4219239708-4241734008-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-06-27] (TD Ameritrade -> TD Ameritrade)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default [2020-01-17]
CHR Extension: (Docs) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-05]
CHR Extension: (YouTube) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-05]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-11]
CHR Extension: (Avast Online Security) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-09-11]
CHR Extension: (Autofill) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2019-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Search Manager) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2019-10-31]
CHR Extension: (Gmail) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-11]
CHR Extension: (Chrome Media Router) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-31]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [160584 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-09] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-15] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [488736 2016-11-22] (Intel(R) Intel Network Drivers -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2540800 2016-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-21 10:10 - 2020-01-21 10:12 - 000026902 _____ C:\Users\ron\Downloads\FRST.txt
2020-01-21 10:09 - 2020-01-21 10:09 - 002572800 _____ (Farbar) C:\Users\ron\Downloads\FRST64.exe
2020-01-17 19:34 - 2020-01-17 19:34 - 000003129 _____ C:\WINDOWS\wininit.ini
2020-01-15 11:15 - 2020-01-15 11:17 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 009668408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 008905728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 007922688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 006543736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 002323896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001677088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001665712 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-01-15 11:12 - 2020-01-15 11:12 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000541264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000410616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000350416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000122568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 002419712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 002149160 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001936520 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001670800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001258296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 001084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000677144 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000405304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-21 10:11 - 2017-05-17 14:40 - 000000000 ____D C:\FRST
2020-01-21 10:09 - 2017-10-18 12:51 - 000002320 _____ C:\Users\ron\Desktop\Chromium.lnk
2020-01-21 10:09 - 2016-11-22 18:27 - 000001851 _____ C:\Users\ron\Desktop\Command Prompt.lnk
2020-01-21 09:48 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-21 09:26 - 2018-01-22 19:26 - 000000000 ____D C:\Program Files\ByteFence
2020-01-21 09:24 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-21 09:24 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-21 09:23 - 2019-06-07 17:44 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-17 10:21 - 2018-06-13 09:06 - 000000154 _____ C:\Users\ron\AppData\Roaming\WB.CFG
2020-01-16 19:32 - 2016-11-23 13:14 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 19:32 - 2016-11-23 13:14 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-16 19:32 - 2016-11-23 13:14 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-16 12:54 - 2016-11-22 18:27 - 000190464 _____ C:\Users\ron\Desktop\D1A52E40.xls
2020-01-16 09:22 - 2017-07-07 08:40 - 000000000 ____D C:\Program Files\UNP
2020-01-16 09:15 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-16 09:15 - 2018-07-24 16:58 - 000000000 ____D C:\Users\ron\AppData\Local\CrashDumps
2020-01-16 09:14 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2020-01-16 09:07 - 2019-06-07 17:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-16 09:07 - 2019-06-07 17:24 - 000286440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-15 19:41 - 2018-09-15 01:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-15 19:40 - 2018-09-15 02:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-15 19:40 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-15 19:40 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-15 11:20 - 2016-11-22 15:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-15 11:18 - 2016-11-22 15:24 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-15 10:48 - 2019-06-07 17:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-15 09:18 - 2016-12-03 04:26 - 000000000 ____D C:\Users\ron\AppData\Local\ConnectedDevicesPlatform
2020-01-14 09:37 - 2016-11-22 17:21 - 000000000 ____D C:\Users\ron\AppData\Local\Comms

==================== Files in the root of some directories ========

2018-06-13 09:06 - 2020-01-17 10:21 - 000000154 _____ () C:\Users\ron\AppData\Roaming\WB.CFG
2018-03-05 17:30 - 2018-03-05 17:30 - 000000017 _____ () C:\Users\ron\AppData\Local\resmon.resmoncfg
2018-12-11 13:38 - 2018-12-11 13:38 - 000000000 _____ () C:\Users\ron\AppData\Local\{234FAE3F-78C9-4DE1-92C2-54166F8A376A}
2019-03-05 11:23 - 2019-03-05 11:23 - 000000000 _____ () C:\Users\ron\AppData\Local\{60C9BEBD-44CA-4C42-ADC7-90F70DDBFCBD}
2019-01-29 08:54 - 2019-01-29 08:54 - 000000000 _____ () C:\Users\ron\AppData\Local\{6A79A31C-3C80-4A8E-A91C-C013068FD406}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
beavis1122 is offline  
Old 01-21-2020, 10:15 AM   #2
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



I need to see your Addition.txt file.

If you can't attach it, then please post it (like you did with FRST.txt).
Gary R is offline  
Old 01-22-2020, 07:28 AM   #3
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



It says the website is blocking the attachment, and it also blocks it when I copy and paste.
beavis1122 is offline  
 
Old 01-22-2020, 07:30 AM   #4
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



Blocked when pasting the Addition.txt:

Cloudflare Ray ID: 559238c85e76f12a • Your IP: 71.244.107.154 • Performance & security by Cloudflare
beavis1122 is offline  
Old 01-22-2020, 08:01 AM   #5
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



I need to see it, so see if you can find a free file hosting service that will allow you to upload your Addition.txt file to it, and then post me a link to it.
Gary R is offline  
Old 01-23-2020, 07:36 AM   #6
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



https://www1.zippyshare.com/v/SSzcEnvO/file.html


Addition.txt link

Thanks
beavis1122 is offline  
Old 01-23-2020, 07:52 AM   #7
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



Sorry, that link doesn't work for me, when I click on it all I get is a 403 forbidden notice.
Gary R is offline  
Old 01-24-2020, 07:20 AM   #8
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



Do you know of a different file hosting service I can use?
beavis1122 is offline  
Old 01-24-2020, 09:12 AM   #9
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,683
OS: Windows 7 Professional SP1



Try to zip it, then attach.
Regards, Dave.
Deejay100six is offline  
Old 01-24-2020, 09:53 AM   #10
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



Quote:
Originally Posted by Deejay100six
Try to zip it, then attach.
+1

Try Deejay's suggestion first (sorry, I should have thought of that myself); if that doesn't work, then give Mediafire (the Basic package should be free) a go ... https://www.mediafire.com/
Gary R is offline  
Old 01-24-2020, 11:21 AM   #11
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



OK, I tried Google Drive before I read your last suggestions.

https://drive.google.com/file/d/1nt1...ew?usp=sharing
beavis1122 is offline  
Old 01-24-2020, 11:39 AM   #12
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,683
OS: Windows 7 Professional SP1



Testing zip upload.

Looks like it works. Perhaps the instructions should be changed at least until the issue is resolved.
Attached Files
File Type: zip New Text Document (2).zip (7.3 KB, 3 views)
Regards, Dave.
Deejay100six is offline  
Old 01-24-2020, 04:38 PM   #13
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



OK, got both your FRST logs now and am looking them over.

This may take a while, and it's nearing midnight where I am, so it's probably going to be tomorrow before I get back to you.

I'll try to make it morning, but I know I'm going to be busy tomorrow, so it may have to be in the afternoon.
Gary R is offline  
Old 01-24-2020, 11:15 PM   #14
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



Before we start cleaning your computer: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

So that said, let's get started ....
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
CreateRestorePoint:
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {09242B71-6269-4786-8564-E03237145E03} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {61286F8D-BEFE-4E56-A9D6-59AD1242D5CD} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3917128 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: C:\WINDOWS\Tasks\CouponViewer Toolbar.job => C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVHP.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [160584 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
C:\Program Files\ByteFence\ByteFenceService.exe
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2020-01-21 09:26 - 2018-01-22 19:26 - 000000000 ____D C:\Program Files\ByteFence
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.5.0.1 - Byte Technologies LLC) <==== ATTENTION
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.5.0.1 - Byte Technologies LLC) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
VirusTotal:C:\WINDOWS\system32\DrtmAuth8.bin;C:\WINDOWS\system32\DrtmAuth7.bin;C:\WINDOWS\system32\DrtmAuth6.bin;C:\WINDOWS\system32\DrtmAuth5.bin;C:\WINDOWS\system32\DrtmAuth4.bin;C:\WINDOWS\system32\DrtmAuth3.bin;C:\WINDOWS\system32\DrtmAuth2.bin;C:\WINDOWS\system32\DrtmAuth1.bin;C:\Users\ron\Desktop\Webx1669.mp4;C:\Users\ron\Desktop\Wild_KittyCat.07.09.13.mp4
cmd:ipconfig /flushdns
emptytemp:
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • ESet.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R is offline  
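As an added example (not part of the thread and not FRST's own code), a Python helper that parses the kinds of FRST lines collected in the fixlist above into a structured summary a helper can check before writing a fixlist. EXPECTED_SEARCH_HOSTS and the "target under AppData" heuristic for tasks are assumptions of this example; the sample lines are copied from the fixlist with the tracking query strings shortened, plus one constructed Bing entry for contrast.

```python
"""Triage helper for FRST log lines.

Added example, not code from the thread or from FRST. It parses the kinds of
lines Gary R pulled into the fixlist (policy keys locking out MRT, Defender and
Firefox, hijacked search scopes and start pages, registry-installed Chrome
extensions, flagged tasks and services) into a summary. It only reads text.
"""
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts a stock install would send searches to.
# Any other host in a search/start page entry is reported as unexpected.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "duckduckgo.com"}

ATTENTION = "<==== ATTENTION"
URL_RE = re.compile(r"hxxps?://\S+")                       # FRST defangs http -> hxxp
EXT_RE = re.compile(r"Chrome\\Extension: \[([a-p]{32})\]")  # Chrome ids: 32 chars, a-p
POLICY_RE = re.compile(r"^(?:FF |CHR |EDGE )?HKLM.*: Restriction\b")
SRP_RE = re.compile(r"^HKLM Group Policy restriction on software: (.+?) <====")
SERVICE_RE = re.compile(r"^[RS]\d (\S+?); ")
TASK_RE = re.compile(r"^Task: (.+)$")
SEARCH_PREFIXES = ("SearchScopes:", "CHR DefaultSearchURL", "CHR DefaultSuggestURL")


def host_of(defanged_url):
    """Refang hxxp(s):// to http(s):// and return the lowercased host."""
    return (urlsplit("http" + defanged_url[4:]).hostname or "").lower()


def triage(lines):
    """Parse FRST log lines into a summary dict; nothing here changes the machine."""
    out = {"search_hosts": set(), "unexpected_search_hosts": set(),
           "chrome_extensions": set(), "policy_restrictions": [],
           "software_restriction_paths": [], "flagged_tasks": [],
           "flagged_services": [], "attention_lines": 0}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        out["attention_lines"] += int(ATTENTION in line)
        # 1. Policy keys that keep defenders out (MRT via a software restriction
        #    policy, Defender and Firefox policy restrictions).
        m = SRP_RE.match(line)
        if m:
            out["software_restriction_paths"].append(m.group(1))
        if POLICY_RE.match(line):
            out["policy_restrictions"].append(line.split(": Restriction")[0])
        # 2. Search scopes / start pages: record every host, flag unexpected ones.
        if line.startswith(SEARCH_PREFIXES) or "Start Page = " in line:
            for url in URL_RE.findall(line):
                host = host_of(url)
                out["search_hosts"].add(host)
                if host not in EXPECTED_SEARCH_HOSTS:
                    out["unexpected_search_hosts"].add(host)
        # 3. Extensions installed through the registry rather than the Web Store.
        out["chrome_extensions"].update(EXT_RE.findall(line))
        # 4. Tasks: FRST's ATTENTION mark, a dangling "No File" target, or (a
        #    heuristic added here) a target under a user profile's AppData.
        m = TASK_RE.match(line)
        if m and (ATTENTION in line or "-> No File" in line or "\\AppData\\" in line):
            out["flagged_tasks"].append(m.group(1))
        # 5. Services FRST marked.
        m = SERVICE_RE.match(line)
        if m and ATTENTION in line:
            out["flagged_services"].append(m.group(1))
    return out


# Sample input: lines copied from the fixlist in this thread (tracking query
# strings shortened to cd=SHORTENED) plus one constructed Bing entry for contrast.
SAMPLE_LINES = [
    r"HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION",
    r"Task: {09242B71-6269-4786-8564-E03237145E03} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION",
    r"Task: {61286F8D-BEFE-4E56-A9D6-59AD1242D5CD} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3917128 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\CouponViewer Toolbar.job => C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVHP.exe",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisreb_18_04&cd=SHORTENED&cr=301444270&ir=",
    r"SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=SHORTENED&q={searchTerms}",
    r"CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}",
    r"CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}",
    r"CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]",
    r"CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]",
    r"R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [160584 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION",
    # constructed line showing what an untouched default scope looks like
    r"SearchScopes: HKU\S-1-5-21-3075259716-4219239708-4241734008-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```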
Old 01-27-2020, 08:24 AM   #15
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



I try not to do tech stuff over the weekends. FRST now says it is not compatible with my operating system, please use FRST64. So I will uninstall this and upload the other version. Also, before I read your last message, I uninstalled the ByteFence program because I was getting popups. Also, I think when I was trying to get a host sharing program, web defense, loaded on my machine.
beavis1122 is offline  
Old 01-27-2020, 09:45 AM   #16
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



FRST opened when I clicked on the icon in Downloads and not the old icon I had on the desktop. Attached.
Attached Files
File Type: txt Fixlog.txt (355 Bytes, 5 views)
beavis1122 is offline  
Old 01-27-2020, 10:17 AM   #17
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



The fixlog you have posted shows that you did not enter the fixlist that I gave you in my last post.

Please follow the instructions in my last post again, and post me the "new" fixlog.

Also, I need to see the results of the e-set scan I asked you to run.
Gary R is offline  
Old 01-27-2020, 11:53 AM   #18
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



1/27/2020 13:41:06 PM
Files scanned: 323505
Detected files: 25
Cleaned files: 23
Total scan time 01:45:05
Scan status: Finished
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files (x86)\Coupons\uninstall.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting

C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting

C:\Program Files (x86)\iPCAP\avs.dll a variant of Win32/Adware.PCAcceleratePro.J application cleaned by deleting

C:\Program Files (x86)\iPCAP\dit.exe a variant of Win32/Adware.PCAcceleratePro.J application cleaned by deleting

C:\Program Files (x86)\iPCAP\ditx.exe a variant of Win64/Adware.PCAcceleratePro.A application cleaned by deleting

C:\Program Files (x86)\iPCAP\iPCAP.exe a variant of Win32/Adware.PCAcceleratePro.I application cleaned by deleting

C:\Program Files (x86)\iPCAP\uninstall.exe a variant of Win32/Adware.PCAcceleratePro.I application cleaned by deleting

C:\ProgramData\BriefMedianAMG\BriefMedianAMG.exe a variant of Win64/Adware.OpenSUpdater.AB application cleaned by deleting (after the next restart)

C:\Users\All Users\BriefMedianAMG\BriefMedianAMG.exe a variant of Win64/Adware.OpenSUpdater.AB application cleaned by deleting (after the next restart)

C:\Users\ron\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.56_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting

C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicjgpamgcnpiacdciefbgahmkhhogc\1.2.0_0\background.js JS/Adware.OpenSUpdater.B application cleaned by deleting

C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVHP.exe a variant of Win32/Toolbar.BeFrugal.A potentially unwanted application cleaned by deleting

C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVNB.dll a variant of Win32/Toolbar.BeFrugal.A potentially unwanted application cleaned by deleting

C:\Users\ron\AppData\Local\Temp\nsf8E2E.tmp\inetc.dll Win32/Agent.ABMK trojan cleaned by deleting

C:\Users\ron\AppData\Local\Temp\nshA148.tmp\inetc.dll Win32/Agent.ABMK trojan cleaned by deleting

C:\Users\ron\AppData\Local\Temp\si1\ymy.exe Win32/InstallCore.Gen.F potentially unwanted application cleaned by deleting

C:\Users\ron\AppData\Roaming\RelevantKnowledge\rkverify.exe Win32/Adware.RK.AZ application cleaned by deleting

C:\Users\ron\Downloads\ccsetup531.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting

C:\Users\ron\Downloads\CouponPrinterCPS (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting

C:\Users\ron\Downloads\CouponPrinterCPS (2).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting

C:\Users\ron\Downloads\CouponPrinterCPS (3).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting

C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application cleaned by deleting

Autostart locations a variant of Win64/Adware.OpenSUpdater.AB application contained infected files
beavis1122 is offline  
Old 01-27-2020, 12:24 PM   #19
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



Attached fixlog. I think the issue was that I needed to click back on the Notepad file before saving it.
Attached Files
File Type: txt Fixlog.txt (12.0 KB, 2 views)
beavis1122 is offline  
Old 01-27-2020, 03:15 PM   #20
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 550
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



Scripted items look to have been successfully processed by FRST.

With the exception of the following 2 items ...

Quote:
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
.... (which, although of questionable use, are part of Avast, and therefore protected by it against removal), e-set has successfully removed the items it detected.

If you haven't already done so, please reboot your computer, and then run a new scan with FRST, and post me the new FRST.txt and Addition.txt logs.

Also ... please let me know how your computer is running now.
Gary R is offline  
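As an added example (not part of the thread and not ESET's code), a Python summariser for the ESET Online Scanner log pasted in post #18: it splits each detection line into path, threat, kind and action, counts outcomes, and checks the header totals against the lines, which is the reconciliation done by hand in the post above (25 detected, 23 cleaned, the 2 "Access denied" items under the Avast directory left behind). The outcome categories are this example's own.

```python
"""Summarise an ESET Online Scanner log like the one pasted in post #18.

Added example, not code from the thread or from ESET. Detection lines are
split into path / threat / kind / action, counted by outcome, and checked
against the header totals so leftovers stand out.
"""
import re
from collections import Counter

# One detection line: <path> [a variant of ]<Family/Name> <kind> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>potentially unsafe application|potentially unwanted application|application|trojan)\s+"
    r"(?P<action>.+)$")
HEADER_RE = re.compile(r"^(Files scanned|Detected files|Cleaned files): (\d+)$")


def classify(action):
    """Map ESET's free-text action to blocked / deferred / cleaned / other."""
    if "Access denied" in action or action.startswith("error"):
        return "blocked"    # ESET could not remove it (here: files Avast protects)
    if "after the next restart" in action:
        return "deferred"   # queued for deletion at reboot; ESET counts it as cleaned
    if action.startswith("cleaned"):
        return "cleaned"
    return "other"          # e.g. "Autostart locations ... contained infected files"


def parse_log(text):
    """Return (header counts, list of detection dicts) for an ESET log."""
    header, detections = {}, []
    for line in (ln.strip() for ln in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = int(m.group(2))
            continue
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = classify(d["action"])
            detections.append(d)
    return header, detections


def summarize(header, detections):
    """Count by outcome, list what was not removed outright, check the header."""
    by_status = Counter(d["status"] for d in detections)
    leftovers = [d["path"] for d in detections if d["status"] in ("blocked", "deferred")]
    # ESET's "Cleaned files" is everything detected minus what it failed to remove.
    consistent = (header.get("Detected files") == len(detections)
                  and header.get("Cleaned files") == len(detections) - by_status["blocked"])
    return {"by_status": dict(by_status), "leftovers": leftovers,
            "header_consistent": consistent}


# Sample input: the scan log from post #18 (raw string: Windows paths have backslashes).
SAMPLE_LOG = r"""
1/27/2020 13:41:06 PM
Files scanned: 323505
Detected files: 25
Cleaned files: 23
Total scan time 01:45:05
Scan status: Finished
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-959.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
C:\Program Files (x86)\Coupons\uninstall.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Program Files (x86)\iPCAP\avs.dll a variant of Win32/Adware.PCAcceleratePro.J application cleaned by deleting
C:\Program Files (x86)\iPCAP\dit.exe a variant of Win32/Adware.PCAcceleratePro.J application cleaned by deleting
C:\Program Files (x86)\iPCAP\ditx.exe a variant of Win64/Adware.PCAcceleratePro.A application cleaned by deleting
C:\Program Files (x86)\iPCAP\iPCAP.exe a variant of Win32/Adware.PCAcceleratePro.I application cleaned by deleting
C:\Program Files (x86)\iPCAP\uninstall.exe a variant of Win32/Adware.PCAcceleratePro.I application cleaned by deleting
C:\ProgramData\BriefMedianAMG\BriefMedianAMG.exe a variant of Win64/Adware.OpenSUpdater.AB application cleaned by deleting (after the next restart)
C:\Users\All Users\BriefMedianAMG\BriefMedianAMG.exe a variant of Win64/Adware.OpenSUpdater.AB application cleaned by deleting (after the next restart)
C:\Users\ron\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.56_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicjgpamgcnpiacdciefbgahmkhhogc\1.2.0_0\background.js JS/Adware.OpenSUpdater.B application cleaned by deleting
C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVHP.exe a variant of Win32/Toolbar.BeFrugal.A potentially unwanted application cleaned by deleting
C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVNB.dll a variant of Win32/Toolbar.BeFrugal.A potentially unwanted application cleaned by deleting
C:\Users\ron\AppData\Local\Temp\nsf8E2E.tmp\inetc.dll Win32/Agent.ABMK trojan cleaned by deleting
C:\Users\ron\AppData\Local\Temp\nshA148.tmp\inetc.dll Win32/Agent.ABMK trojan cleaned by deleting
C:\Users\ron\AppData\Local\Temp\si1\ymy.exe Win32/InstallCore.Gen.F potentially unwanted application cleaned by deleting
C:\Users\ron\AppData\Roaming\RelevantKnowledge\rkverify.exe Win32/Adware.RK.AZ application cleaned by deleting
C:\Users\ron\Downloads\ccsetup531.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\ron\Downloads\CouponPrinterCPS (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\ron\Downloads\CouponPrinterCPS (2).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\ron\Downloads\CouponPrinterCPS (3).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Windows\CouponPrinter.ocx a variant of Win32/Adware.Coupons.AA application cleaned by deleting
Autostart locations a variant of Win64/Adware.OpenSUpdater.AB application contained infected files
"""

if __name__ == "__main__":
    print(summarize(*parse_log(SAMPLE_LOG)))
```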