
Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
70 Posts
Discussion Starter #1
I am getting an error not letting me paste the results of the FRST scan. I have attached it instead and hopefully that suffices. I wish I could give more information into my virus concerns. I recently came back to using this computer and my wife installed a Valve Index in the months prior. I'm unsure if she accidentally downloaded something or if it is just something I missed. I saw an odd file on the desktop of all locations and it was something like "praxis-deije.gif" or something close to that. I deleted the file after virus scans showed no issues. The computer is not acting odd outside of some sound issues I have to troubleshoot that are likely due to the Valve Index being installed. Please analyze and see if anything is suspicious. Thanks
 


·
Moderator, Security Team
Joined
·
873 Posts
Looking over your logs. I'm going to be busy this morning, so it will probably be some time later today when I get back to you.
 

·
Moderator, Security Team
Joined
·
873 Posts
No signs of an active infection in the logs you've supplied. There's a few files I'd like to check further, just because there's a few inconsistencies with them. I've no reason to suspect that they're anything but legit, but I just like to be sure.

So ....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
Code:
VirusTotal: C:\Windows\SysWOW64\XtuService.exe;C:\Program Files\Tt\Tool\LibHWInfo.exe;C:\Users\daveh\AppData\Local\Temp\HWiNFO64A_150.SYS;C:\WINDOWS\system32\DRIVERS\kbexlwf.sys;C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys

EmptyTemp:

CMD: ipconfig /flushdns
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
Please remove the following Chrome Extensions (which I can find no definitive information for) ...

CHR Extension: (Chrome Web Store Payments) - C:\Users\daveh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\daveh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-15]
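
An extension ID folder like the ones listed above can be identified from its own manifest before it is removed. This is an added example (not part of the thread and not FRST's logic) that lists each extension under a Chrome profile's Extensions folder with its resolved name, version, update URL and permissions, and checks that the folder name matches the ID derived from the manifest's "key" field when one is present. The function names, the sample tree, the key bytes and the update URL are all constructed for illustration.

```python
import base64, hashlib, json, tempfile
from pathlib import Path

def id_from_key(key_b64: str) -> str:
    """ID = first 16 bytes of SHA-256(public key DER), hex digits 0-f mapped to a-p."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)

def resolve_name(vdir: Path, manifest: dict) -> str:
    """Resolve a localized "__MSG_x__" name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    msgs = vdir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    if name.startswith("__MSG_") and name.endswith("__") and msgs.is_file():
        table = {k.lower(): v for k, v in json.loads(msgs.read_text("utf-8-sig")).items()}
        return table.get(name[6:-2].lower(), {}).get("message", name)
    return name

def audit_extensions(ext_root: Path) -> list:
    """One record per <id>/<version>/manifest.json under a profile's Extensions folder."""
    rows = []
    for mf in sorted(ext_root.glob("*/*/manifest.json")):
        m = json.loads(mf.read_text("utf-8-sig"))
        ext_id, key = mf.parent.parent.name, m.get("key")
        rows.append({
            "id": ext_id,
            "name": resolve_name(mf.parent, m),
            "version": m.get("version"), "update_url": m.get("update_url"),
            "permissions": m.get("permissions", []),
            # None: manifest has no key; False: folder name does not match the key
            "id_matches_key": (id_from_key(key) == ext_id) if key else None,
        })
    return rows

def build_sample(root: Path) -> Path:
    """Constructed sample tree (not real extensions) so the example runs offline."""
    key = base64.b64encode(b"constructed demo bytes, not a real public key").decode()
    for ext_id, name in ((id_from_key(key), "__MSG_appName__"), ("a" * 32, "Plain Name")):
        loc = root / ext_id / "1.0_0" / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(json.dumps({"appName": {"message": "Demo Extension"}}))
        (loc.parent.parent / "manifest.json").write_text(json.dumps({
            "name": name, "version": "1.0", "default_locale": "en", "key": key,
            "update_url": "https://example.invalid/update"}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_extensions(build_sample(Path(tmp))):
            print(row)
```

On a real machine, `audit_extensions` would be pointed at a profile's `Extensions` directory instead of the constructed tree.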


 

·
Registered
Joined
·
70 Posts
Discussion Starter #4
I am so sorry this slipped my mind, I know your time is valuable. I will post the txtlog and I just want to clarify the extensions to delete. They took a little digging to actually find and I deleted two of them. Am I correct in assuming the "Chrome Web Store Payments" is the extension and then the path was given for the first? The second extension being Chrome Media Router then the path given? If so, then I deleted the two folders as they didn't populate in Chrome. The following is the log you requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by daveh (14-10-2020 20:05:31) Run:1
Running from C:\Users\daveh\Downloads\FRST-OlderVersion
Loaded Profiles: daveh
Boot Mode: Normal
==============================================

fixlist content:
*
VirusTotal: C:\Windows\SysWOW64\XtuService.exe;C:\Program Files\Tt\Tool\LibHWInfo.exe;C:\Users\daveh\AppData\Local\Temp\HWiNFO64A_150.SYS;C:\WINDOWS\system32\DRIVERS\kbexlwf.sys;C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys

EmptyTemp:

CMD: ipconfig /flushdns
*

VirusTotal: C:\Windows\SysWOW64\XtuService.exe => VirusTotal
VirusTotal: C:\Program Files\Tt\Tool\LibHWInfo.exe => VirusTotal
VirusTotal: C:\Users\daveh\AppData\Local\Temp\HWiNFO64A_150.SYS => VirusTotal
VirusTotal: C:\WINDOWS\system32\DRIVERS\kbexlwf.sys => VirusTotal
VirusTotal: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys => VirusTotal

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19032044 B
Java, Flash, Steam htmlcache => 342377687 B
Windows/system/drivers => 6626514 B
Edge => 36840 B
Chrome => 133767647 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 10228 B
daveh => 13238429 B

RecycleBin => 0 B
EmptyTemp: => 501.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:07:02 ====
 

·
Moderator, Security Team
Joined
·
873 Posts
As far as I can see, there are no signs of infection on your machine. The files I scripted for scanning at VirusTotal all came back clean, so I think it's fair to assume your machine is clean.

We can run an online scan if you need further assurance, but I wouldn't expect it to find anything.
 

·
Registered
Joined
·
70 Posts
Discussion Starter #6
Thank you very much. All things look clear on my end. I think maybe there was something with Chrome and those scripts I deleted that helped resolve some instability I was having. Much appreciated.
 

·
Moderator, Security Team
Joined
·
873 Posts
You're welcome. (y)

Since your problems appear to have been resolved I will now close this topic.
 