Getting an error every 3 minutes please assist! :) [Closed]



#1
nightride


Hey guys, I am getting this error: Line 0 (File "C:\ProgramData\gedvdk\GeDvDK:):   Error: Error opening the file. It's from a program called autolt or something like that.

I was told to post this:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016

Ran by kyle schaper (administrator) on KYLE (26-07-2016 18:27:14)
Running from C:\Users\kyle schaper\Desktop
Loaded Profiles: kyle schaper (Available Profiles: kyle schaper)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.741.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(© 2015 Microsoft Corporation) C:\Users\kyle schaper\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-17] (Dell Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\Run: [Akamai NetSession Interface] => C:\Users\kyle schaper\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\Run: [uTorrent] => C:\Users\kyle schaper\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-06-08] (BitTorrent Inc.)
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\Run: [BingSvc] => C:\Users\kyle schaper\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\RunOnce: [Uninstall C:\Users\kyle schaper\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kyle schaper\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: F - "F:\autorun.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: G - "G:\setup.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {0652b17d-e86a-11e5-82b4-b82a72ba2a77} - "H:\setup.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {19aa5839-af6b-11e4-825b-9cad97570d80} - "O:\.\StartModem.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {19aa58c5-af6b-11e4-825b-9cad97570d80} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {2fcde6bb-c814-11e4-826c-9cad97570d80} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\setup.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\kyle schaper\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\kyle schaper\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\kyle schaper\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-22] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\kyle schaper\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\kyle schaper\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\kyle schaper\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-22] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Weclome.vbs [2015-10-24] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk [2016-05-23]
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe (IO3O LLC)
Startup: C:\Users\kyle schaper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\kyle schaper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kyle schaper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-12]
ShortcutTarget: MEGAsync.lnk -> C:\Users\kyle schaper\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\kyle schaper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-10-06]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2462944861-3427807245-1620875648-1001] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{B56A148E-3A60-4039-A8BF-503C8B29181F}: [DhcpNameServer] 192.168.100.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2462944861-3427807245-1620875648-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2462944861-3427807245-1620875648-1001 -> {8026C047-DCB9-4108-B5CE-4502AB1580BB} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-04-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-04-28] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\kyle schaper\AppData\Roaming\Mozilla\Firefox\Profiles\2ukkov59.default
FF NewTab: C:\\ProgramData\\Utatitys\\ff.NT
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing
FF Homepage: C:\\ProgramData\\Utatitys\\ff.HP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin HKU\S-1-5-21-2462944861-3427807245-1620875648-1001: @nsroblox.roblox.com/launcher -> C:\Users\kyle schaper\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2462944861-3427807245-1620875648-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\kyle schaper\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2462944861-3427807245-1620875648-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kyle schaper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF Extension: Bing Search - C:\Users\kyle schaper\AppData\Roaming\Mozilla\Firefox\Profiles\2ukkov59.default\Extensions\[email protected] [2016-04-15]
FF Extension: MEGA - C:\Users\kyle schaper\AppData\Roaming\Mozilla\Firefox\Profiles\2ukkov59.default\Extensions\[email protected] [2016-06-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-18]
CHR Extension: (Google Docs) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-18]
CHR Extension: (Google Drive) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-18]
CHR Extension: (YouTube) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-18]
CHR Extension: (Google Sheets) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
CHR Extension: (Gmail) - C:\Users\kyle schaper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
Opera: 
=======
OPR Extension: (No Name) - C:\Users\kyle schaper\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahdcbmcfcelhbaajmnfilcmnchogibdn [2015-05-31]
OPR Extension: (No Name) - C:\Users\kyle schaper\AppData\Roaming\Opera Software\Opera Stable\Extensions\gooadbaemblgdncpcnfncoockdjpigbg [2015-05-31]
OPR Extension: (No Name) - C:\Users\kyle schaper\AppData\Roaming\Opera Software\Opera Stable\Extensions\oejfjalkfaiehemmjjeodiedpjmpadod [2015-05-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-07-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-04-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-05] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-10-21] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 dycesyco; C:\Users\kyle schaper\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-13] (Qualcomm Atheros Communications, Inc.)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.5.1\dbk64.sys [94040 2016-05-19] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2016-03-13] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 mtkmbim; C:\Windows\system32\DRIVERS\mtkmbim7_x64.sys [208896 2012-12-13] (MediaTek Inc.)
R3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-09] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-11-19] (MediaTek Inc.)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U2 McMPFSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-26 18:27 - 2016-07-26 18:28 - 00034418 _____ C:\Users\kyle schaper\Desktop\FRST.txt
2016-07-26 18:27 - 2016-07-26 18:27 - 00000000 ____D C:\FRST
2016-07-26 18:23 - 2016-07-26 18:23 - 02394112 _____ (Farbar) C:\Users\kyle schaper\Desktop\FRST64.exe
2016-07-26 18:16 - 2016-07-26 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-26 18:14 - 2016-07-26 18:14 - 00000000 ___RD C:\Users\kyle schaper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-07-26 17:32 - 2014-11-17 17:22 - 00809496 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmpB208.tmp
2016-07-26 17:22 - 2016-07-26 17:22 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\Curiolab
2016-07-26 17:21 - 2016-07-26 17:24 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-07-26 17:21 - 2016-07-26 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-07-26 17:16 - 2016-07-26 17:21 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\kyle schaper\Downloads\ExterminateItSetup.exe
2016-07-26 17:03 - 2016-07-26 17:04 - 03712064 _____ C:\Users\kyle schaper\Downloads\adwcleaner_5.201 (1).exe
2016-07-26 16:47 - 2016-07-26 16:48 - 01343828 _____ C:\Users\kyle schaper\Downloads\adwcleaner_5.201.exe
2016-07-23 10:57 - 2016-07-23 10:57 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\MSEmbed
2016-07-22 19:12 - 2016-07-22 19:14 - 06813038 _____ C:\Users\kyle schaper\Downloads\LazyBot for wow 3.3.5a.rar
2016-07-22 18:40 - 2016-07-22 18:40 - 00004034 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-07-22 18:40 - 2016-07-22 18:40 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-07-22 18:40 - 2016-07-22 18:40 - 00003348 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-07-22 18:40 - 2016-07-22 18:40 - 00003224 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-07-22 18:39 - 2016-07-22 18:39 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-07-22 18:39 - 2016-07-22 18:39 - 00000000 ____D C:\Program Files\Dell Support Center
2016-07-22 13:17 - 2016-07-22 13:17 - 00056962 _____ C:\Users\kyle schaper\Downloads\SuperDuperMacro v2.6 (1).zip
2016-07-19 23:23 - 2016-07-19 23:23 - 00012846 _____ C:\Users\kyle schaper\Downloads\EventAlert-3.4.9.zip
2016-07-19 21:52 - 2016-07-19 21:53 - 00343552 _____ C:\Users\kyle schaper\Downloads\ProjectSpare (3).dll
2016-07-18 00:03 - 2016-07-18 00:04 - 00033792 _____ C:\Users\kyle schaper\Downloads\CGI (1).dll
2016-07-17 20:27 - 2015-03-08 06:35 - 00000000 ____D C:\Users\kyle schaper\Desktop\Heroes WoW Patch 2.0
2016-07-15 11:46 - 2016-07-15 11:48 - 00532992 _____ C:\Users\kyle schaper\Downloads\Pr7sm.vmp.dll
2016-07-15 11:40 - 2016-07-15 11:41 - 00555520 _____ C:\Users\kyle schaper\Downloads\Halycon.dll
2016-07-13 19:20 - 2016-07-13 19:20 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-10 22:50 - 2016-07-07 02:39 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-10 21:58 - 2016-07-10 21:58 - 00045056 _____ C:\Users\kyle schaper\Downloads\VetroSploit .dll
2016-07-02 15:06 - 2016-07-02 15:07 - 00000000 ____D C:\Users\kyle schaper\Desktop\scripts
2016-07-02 12:59 - 2016-07-02 13:00 - 00214016 _____ C:\Users\kyle schaper\Downloads\0xAzuL.dll
2016-07-01 11:57 - 2016-07-23 10:57 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\.kbd
2016-07-01 11:49 - 2016-07-01 11:50 - 08319897 _____ C:\Users\kyle schaper\Downloads\Kronos_3.7_1.8.zip
2016-06-29 08:12 - 2016-06-29 08:12 - 00001982 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-06-29 08:12 - 2016-06-29 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-06-27 14:40 - 2016-06-27 14:40 - 00000000 ____D C:\Users\kyle schaper\Documents\Scratch Projects
2016-06-26 07:20 - 2016-06-28 16:21 - 00000000 ____D C:\Users\kyle schaper\Desktop\scratch
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-26 18:24 - 2015-02-10 19:20 - 00000000 __RDO C:\Users\kyle schaper\OneDrive
2016-07-26 18:22 - 2015-12-24 15:44 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-26 18:20 - 2016-03-15 20:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-26 18:18 - 2015-02-08 10:27 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2462944861-3427807245-1620875648-1001
2016-07-26 18:15 - 2014-03-18 11:53 - 00913650 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-26 18:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-26 18:14 - 2015-12-24 15:44 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-26 17:51 - 2014-07-10 07:19 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-07-26 17:43 - 2015-12-08 09:50 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-07-26 17:42 - 2015-12-07 14:51 - 00000000 ____D C:\Users\kyle schaper\AppData\Local\LogMeIn Hamachi
2016-07-26 17:41 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-26 17:40 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-07-26 17:36 - 2015-07-13 21:42 - 00000000 ____D C:\AdwCleaner
2016-07-26 17:08 - 2015-09-14 17:39 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-26 17:08 - 2015-09-14 17:39 - 00001067 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-26 17:08 - 2015-03-13 18:57 - 00001324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-26 17:08 - 2015-03-13 18:57 - 00001312 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-26 17:08 - 2015-02-08 10:22 - 00001017 _____ C:\Users\kyle schaper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-26 17:08 - 2014-07-10 07:14 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-07-26 16:58 - 2015-02-08 10:24 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9B9C3ADE-DEAD-4C6E-8CB3-290CFE512299}
2016-07-26 16:41 - 2016-03-12 21:01 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\uTorrent
2016-07-26 16:40 - 2016-05-09 16:32 - 00000000 ____D C:\wifidata
2016-07-26 16:39 - 2015-02-08 10:23 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\Atheros
2016-07-26 16:39 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-07-26 16:38 - 2014-07-10 07:15 - 00000000 ____D C:\ProgramData\McAfee
2016-07-26 16:35 - 2016-04-15 23:25 - 00000000 ____D C:\Program Files\TrueKey
2016-07-26 15:08 - 2015-07-19 09:43 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\Skype
2016-07-25 22:11 - 2015-06-13 16:11 - 00000378 _____ C:\Windows\Tasks\TourMaster.job
2016-07-25 19:58 - 2015-02-08 10:23 - 00000000 ____D C:\Users\kyle schaper\Documents\Bluetooth Folder
2016-07-24 12:52 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 12:50 - 2015-02-08 11:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-23 19:28 - 2016-03-27 13:19 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\.minecraft
2016-07-23 15:01 - 2015-02-08 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-23 08:39 - 2016-04-16 07:02 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-07-22 19:15 - 2015-02-08 16:07 - 00000000 ____D C:\Users\kyle schaper\AppData\Local\CrashDumps
2016-07-22 18:39 - 2014-07-10 07:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-22 18:36 - 2014-07-10 07:14 - 00000000 ____D C:\ProgramData\PCDr
2016-07-22 11:41 - 2015-07-03 09:54 - 00000000 ____D C:\Users\kyle schaper\AppData\Local\MEGAsync
2016-07-21 08:43 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-21 08:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-18 10:55 - 2016-02-09 16:58 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\vlc
2016-07-15 08:26 - 2016-03-11 20:42 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-07-13 19:21 - 2016-03-15 20:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-13 19:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 19:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 10:09 - 2015-08-06 19:45 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-07 16:19 - 2015-02-08 10:21 - 00000000 ____D C:\Users\kyle schaper
2016-07-02 20:31 - 2016-05-06 08:13 - 00000024 _____ C:\Users\kyle schaper\jagexappletviewer.preferences
2016-07-02 20:27 - 2016-05-06 08:14 - 00000051 _____ C:\Users\kyle schaper\jagex_cl_oldschool_LIVE.dat
2016-07-02 15:04 - 2015-11-05 19:15 - 00000000 ____D C:\Users\kyle schaper\Desktop\lib
2016-07-02 15:01 - 2016-03-13 19:08 - 00000000 ____D C:\MOP030B
2016-07-02 14:59 - 2015-02-09 16:32 - 00000000 ___RD C:\Users\kyle schaper\Desktop\school work
2016-07-02 14:58 - 2015-05-31 10:11 - 00000000 ___RD C:\Users\kyle schaper\Desktop\games
2016-07-01 09:46 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-30 22:17 - 2015-07-04 09:36 - 00000000 ____D C:\Users\kyle schaper\AppData\Roaming\TS3Client
2016-06-29 11:00 - 2015-02-15 09:10 - 00000000 __SHD C:\Users\kyle schaper\AppData\Local\EmieBrowserModeList
2016-06-29 11:00 - 2015-02-08 10:32 - 00000000 __SHD C:\Users\kyle schaper\AppData\Local\EmieUserList
2016-06-29 11:00 - 2015-02-08 10:32 - 00000000 __SHD C:\Users\kyle schaper\AppData\Local\EmieSiteList
2016-06-29 08:12 - 2015-10-02 07:37 - 00000000 ____D C:\Program Files\McAfee Security Scan
 
==================== Files in the root of some directories =======
 
2016-06-08 19:07 - 2016-06-08 19:07 - 6867968 _____ () C:\Users\kyle schaper\AppData\Roaming\agent.dat
2015-05-27 19:22 - 2015-08-19 18:00 - 0000024 _____ () C:\Users\kyle schaper\AppData\Roaming\appdataFr25.bin
2015-04-01 21:05 - 2015-05-24 16:12 - 0000020 _____ () C:\Users\kyle schaper\AppData\Roaming\appdataFr3.bin
2016-01-24 12:19 - 2016-01-24 12:19 - 0000046 _____ () C:\Users\kyle schaper\AppData\Roaming\Camdata.ini
2016-01-24 12:19 - 2016-01-24 12:19 - 0000408 _____ () C:\Users\kyle schaper\AppData\Roaming\CamLayout.ini
2016-01-24 12:19 - 2016-01-24 12:19 - 0000408 _____ () C:\Users\kyle schaper\AppData\Roaming\CamShapes.ini
2016-01-24 12:19 - 2016-01-24 12:19 - 0004536 _____ () C:\Users\kyle schaper\AppData\Roaming\CamStudio.cfg
2016-06-08 19:07 - 2016-06-08 19:07 - 0069072 _____ () C:\Users\kyle schaper\AppData\Roaming\Config.xml
2015-12-13 14:03 - 2015-12-16 09:35 - 0003072 _____ () C:\Users\kyle schaper\AppData\Roaming\Foto First Photobook Software Prefsv3
2016-06-08 19:05 - 2016-06-08 19:06 - 0011568 _____ () C:\Users\kyle schaper\AppData\Roaming\InstallationConfiguration.xml
2016-06-08 19:05 - 2016-06-08 19:05 - 0128512 _____ () C:\Users\kyle schaper\AppData\Roaming\Installer.dat
2016-06-08 19:07 - 2016-06-08 19:07 - 1759232 _____ () C:\Users\kyle schaper\AppData\Roaming\Jobtam.tst
2016-06-08 19:07 - 2016-06-08 19:07 - 0018432 _____ () C:\Users\kyle schaper\AppData\Roaming\Main.dat
2016-06-08 19:07 - 2016-06-08 19:07 - 0005568 _____ () C:\Users\kyle schaper\AppData\Roaming\md.xml
2016-06-08 19:07 - 2016-06-08 19:07 - 0126464 _____ () C:\Users\kyle schaper\AppData\Roaming\noah.dat
2016-06-08 19:07 - 2016-06-08 19:07 - 0001150 _____ () C:\Users\kyle schaper\AppData\Roaming\uninstall_temp.ico
2016-01-24 12:16 - 2016-01-24 12:16 - 0000096 _____ () C:\Users\kyle schaper\AppData\Roaming\version2.xml
2015-06-09 10:08 - 2015-04-03 22:05 - 0034816 _____ () C:\Users\kyle schaper\AppData\Roaming\wnsync.exe
2015-02-15 11:40 - 2015-02-15 11:40 - 0613057 _____ (CMI Limited) C:\Users\kyle schaper\AppData\Local\nsb8F2E.tmp
2015-02-15 12:39 - 2015-02-15 12:39 - 0628496 _____ (CMI Limited) C:\Users\kyle schaper\AppData\Local\nsnBB02.tmp
2015-11-11 12:37 - 2015-11-11 12:37 - 0000218 _____ () C:\Users\kyle schaper\AppData\Local\recently-used.xbel
2016-02-14 16:17 - 2016-02-14 16:17 - 0000000 _____ () C:\Users\kyle schaper\AppData\Local\{1372FFD3-7FC8-48C3-91B8-01B037278494}
2014-07-10 06:42 - 2014-07-10 06:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-10 07:06 - 2014-07-10 07:06 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-07-10 07:02 - 2014-07-10 07:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-07-10 07:03 - 2014-07-10 07:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-07-10 07:05 - 2014-07-10 07:06 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-07-10 07:01 - 2014-07-10 07:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-21 20:49
 
==================== End of FRST.txt ============================



#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello nightride and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'm looking over the logs and will post further instructions. :)


#3
nightride


    New Member

  • Topic Starter
  • Member
  • 9 posts

Thank you very much!



#4
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi nightride

I have a couple of questions.

1. Do you know what this file is?
 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Weclome.vbs [2015-10-24] ()


2. Do you use a proxy server?

#5
nightride


    New Member

  • Topic Starter
  • Member
  • 9 posts

Welcome.vbs was a file my friend made for me so that my PC "greeted" me on startup.

And also I don't use a proxy.



#6
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi nightride

Thanks for answers to my questions. :thumbsup:

OK. Let's try some cleanup.

First I must give you a bit of advice.

P2P Warning!

IMPORTANT I have noticed that there are signs of uTorrent P2P (Peer to Peer) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to do this, you can do so by:
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.

    If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.


    Step1 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - AdwCleaner scan

    Delete any old versions of Adwcleaner you may have.

    then

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on Options and tick:
    Reset proxy settings
    Reset winsock settings
    Reset TCP/IP settings
    Reset IPSec settings
    Reset Internet Explorer policies
    Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step3 - Malwarebytes


    Please download Malwarebytes' Anti-Malware from Here or Here
    Double-click on mbam-setup-version-number.exe to install the application.
    Before clicking Finish perform the following actions --

    Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    Check the box beside Launch Malwarebytes Anti-Malware

    Once the program has loaded, the MBAM dashboard may appear with an alert to update - click the button Fix Now;

    Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

    Return to the Dashboard and click on Scan Now;

    If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    Copy and Paste the contents of the log in your next reply.


    Things for your next post:
  • fixlog.txt
  • adwCleaner[C*].txt
  • MBAM log
  • How is the computer running now?


#7
nightride


    New Member

  • Topic Starter
  • Member
  • 9 posts

Hey again, just waiting on the Malwarebytes scan, but here is the "fixlog":

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by kyle schaper (2016-07-26 22:25:49) Run:1
Running from C:\Users\kyle schaper\Desktop
Loaded Profiles: kyle schaper (Available Profiles: kyle schaper)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: F - "F:\autorun.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: G - "G:\setup.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {0652b17d-e86a-11e5-82b4-b82a72ba2a77} - "H:\setup.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {19aa5839-af6b-11e4-825b-9cad97570d80} - "O:\.\StartModem.exe" 
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {19aa58c5-af6b-11e4-825b-9cad97570d80} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\...\MountPoints2: {2fcde6bb-c814-11e4-826c-9cad97570d80} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\setup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2462944861-3427807245-1620875648-1001 -> {8026C047-DCB9-4108-B5CE-4502AB1580BB} URL =
FF NewTab: C:\\ProgramData\\Utatitys\\ff.NT
FF Homepage: C:\\ProgramData\\Utatitys\\ff.HP
S2 dycesyco; C:\Users\kyle schaper\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION
U2 McMPFSvc; no ImagePath
C:\Users\kyle schaper\AppData\Roaming\VOPackage
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
RemoveProxy:
EmptyTemp: 
 
 
*****************
 
Restore point was successfully created.
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0652b17d-e86a-11e5-82b4-b82a72ba2a77}" => key removed successfully
HKCR\CLSID\{0652b17d-e86a-11e5-82b4-b82a72ba2a77} => key not found. 
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19aa5839-af6b-11e4-825b-9cad97570d80}" => key removed successfully
HKCR\CLSID\{19aa5839-af6b-11e4-825b-9cad97570d80} => key not found. 
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19aa58c5-af6b-11e4-825b-9cad97570d80}" => key removed successfully
HKCR\CLSID\{19aa58c5-af6b-11e4-825b-9cad97570d80} => key not found. 
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fcde6bb-c814-11e4-826c-9cad97570d80}" => key removed successfully
HKCR\CLSID\{2fcde6bb-c814-11e4-826c-9cad97570d80} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8026C047-DCB9-4108-B5CE-4502AB1580BB}" => key removed successfully
HKCR\CLSID\{8026C047-DCB9-4108-B5CE-4502AB1580BB} => key not found. 
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
dycesyco => service removed successfully
McMPFSvc => service could not remove
"C:\Users\kyle schaper\AppData\Roaming\VOPackage" => not found.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End ofCMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End ofCMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2462944861-3427807245-1620875648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17950991 B
Java, Flash, Steam htmlcache => 120534126 B
Windows/system/drivers => 1097098643 B
Edge => 0 B
Chrome => 724331303 B
Firefox => 381648865 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 78063 B
systemprofile32 => 0 B
LocalService => 218410 B
NetworkService => 0 B
kyle schaper => 296907589 B
 
RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:32:00 ====
 
 
Here are the AdwCleaner logs:
 
# AdwCleaner v5.201 - Logfile created 26/07/2016 at 22:41:12
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-26.1 [Server]
# Operating system : Windows 8.1 Single Language  (X64)
# Username : kyle schaper - KYLE
# Running from : C:\Users\kyle schaper\Downloads\adwcleaner_5.201 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2535 bytes] - [14/04/2016 18:52:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [1966 bytes] - [21/04/2016 11:56:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [3864 bytes] - [05/05/2016 08:37:04]
C:\AdwCleaner\AdwCleaner[C4].txt - [3951 bytes] - [08/06/2016 19:22:17]
C:\AdwCleaner\AdwCleaner[C5].txt - [6745 bytes] - [26/07/2016 17:08:32]
C:\AdwCleaner\AdwCleaner[R0].txt - [41573 bytes] - [13/07/2015 21:42:37]
C:\AdwCleaner\AdwCleaner[R1].txt - [6602 bytes] - [28/12/2015 17:38:44]
C:\AdwCleaner\AdwCleaner[R2].txt - [1994 bytes] - [25/01/2016 12:37:54]
C:\AdwCleaner\AdwCleaner[R3].txt - [1289 bytes] - [30/01/2016 09:03:02]
C:\AdwCleaner\AdwCleaner[R4].txt - [1349 bytes] - [30/01/2016 17:47:30]
C:\AdwCleaner\AdwCleaner[R5].txt - [1468 bytes] - [22/02/2016 13:01:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [37530 bytes] - [13/07/2015 21:45:56]
C:\AdwCleaner\AdwCleaner[S10].txt - [1532 bytes] - [26/07/2016 22:41:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [8557 bytes] - [28/12/2015 17:41:40]
C:\AdwCleaner\AdwCleaner[S2].txt - [3781 bytes] - [25/01/2016 12:40:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [3092 bytes] - [30/01/2016 17:54:10]
C:\AdwCleaner\AdwCleaner[S4].txt - [5333 bytes] - [22/02/2016 13:03:56]
C:\AdwCleaner\AdwCleaner[S5].txt - [1974 bytes] - [19/05/2016 17:54:17]
C:\AdwCleaner\AdwCleaner[S6].txt - [3794 bytes] - [08/06/2016 19:11:36]
C:\AdwCleaner\AdwCleaner[S8].txt - [9786 bytes] - [26/07/2016 17:04:50]
C:\AdwCleaner\AdwCleaner[S9].txt - [2195 bytes] - [26/07/2016 17:36:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [2190 bytes] ##########
 
 
I'll post the next log as soon as the scan is done!

  • 0

#8
nightride

nightride

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

At the moment I am still getting the error message pop up every minute or so.


  • 0

#9
nightride

nightride

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Okay, Malwarebytes finished scanning. The logs didn't save for some reason. I followed your instructions by quarantining the items and restarting my PC, and the error hasn't shown up again, "touch wood". Thank you for all your help, man!


  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi nightride

Good news, but stick with the topic as there are other things to check out. :)

You can get the MBAM log from here.
  • Double click on Malwarebytes to open the application.
  • Click on History
  • Click on application logs.
  • Under the heading Type, locate the latest log called Scan Log and double-click to select it.
  • In the next window that opens click Export then select Text file (.txt). Save this to your desktop. You can call the file MBAM.
  • Copy and paste the entire contents of the report into your next reply.


Also run some fresh FRST logs
  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


Things for your next post:
  • MBAM log
  • FRST.txt
  • Addition.txt

  • 0

#11
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





