Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Really need help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Really need help

Unread postby jimmy23 » December 12th, 2015, 7:55 pm

Computer is overrun by malware and i'm sure viruses. It constantly freezes and has massive amounts of pop ups. It is also unprotected and has a lot of the "registry cleaners" that pop up and ask that items be purchased. Please assist to getting computer back to normal operating capability.

Here are the first logs that had been run earlier.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by Jimmy Sutton III (administrator) on JIMMY (12-12-2015 12:04:03)
Running from C:\Users\Jimmy Sutton III\Downloads
Loaded Profiles: Jimmy Sutton III & Administrator (Available Profiles: Jimmy Sutton III & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\DoScan.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Jimmy Sutton III\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Jimmy Sutton III\AppData\Roaming\Dashlane\DashlanePlugin.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Farbar) C:\Users\Jimmy Sutton III\Downloads\FRST64 (3).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3101188819-3860113077-1056553616-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3389080 2015-04-04] (Electronic Arts)
HKU\S-1-5-21-3101188819-3860113077-1056553616-1002\...\Run: [Dashlane] => C:\Users\Jimmy Sutton III\AppData\Roaming\Dashlane\Dashlane.exe [227512 2015-07-22] ()
HKU\S-1-5-21-3101188819-3860113077-1056553616-1002\...\Run: [DashlanePlugin] => C:\Users\Jimmy Sutton III\AppData\Roaming\Dashlane\DashlanePlugin.exe [285880 2015-07-22] ()
HKU\S-1-5-21-3101188819-3860113077-1056553616-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322048 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-3101188819-3860113077-1056553616-500\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-3101188819-3860113077-1056553616-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F803C66F-155E-44B7-ABD7-63DD73AF2E73}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-3101188819-3860113077-1056553616-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3101188819-3860113077-1056553616-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3101188819-3860113077-1056553616-1002 -> {18E600E2-DAF2-4A86-A356-B62185F9F2F5} URL = hxxps://search.yahoo.com/search?p= {searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150209,20028,0,25,0
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-17] (Yahoo! Inc.)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Jimmy Sutton III\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2015-07-22] (Dashlane)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-17] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Jimmy Sutton III\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-07-22] (Dashlane)
Toolbar: HKU\S-1-5-21-3101188819-3860113077-1056553616-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {444785F1-DE89-4295-863A-D46C3A781394} hxxp://webplayer.unity3d.com/download_w ... Player.cab

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @otee.dk/UnityWebPlayer -> C:\Program Files (x86)\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll [2007-05-01] (OverTheEdge I/S)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-06-21] ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-11-26] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Google Search) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Jimmy Sutton III\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-08-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-08-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20150728.013\BHDrvx64.sys [1647856 2015-06-22] (Symantec Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-06] (Symantec Corporation)
U3 EraserUtilDrv11511; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [153936 2015-08-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-12] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20150806.011\IDSvia64.sys [671448 2015-08-06] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20150806.003\ENG64.SYS [138488 2015-08-06] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20150806.003\EX64.SYS [2146040 2015-08-06] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-11-26] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SymELAM.sys [23568 2014-09-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-11-26] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [103384 2014-09-12] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-08-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-08-06] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-08-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 12:04 - 2015-12-12 12:05 - 00017459 _____ C:\Users\Jimmy Sutton III\Downloads\FRST.txt
2015-12-12 12:03 - 2015-12-12 12:04 - 00000000 ____D C:\FRST
2015-12-12 12:03 - 2015-12-12 12:03 - 02369536 _____ (Farbar) C:\Users\Jimmy Sutton III\Downloads\FRST64 (3).exe
2015-12-12 12:02 - 2015-12-12 12:02 - 02369536 _____ (Farbar) C:\Users\Jimmy Sutton III\Downloads\FRST64 (2).exe
2015-12-12 12:01 - 2015-12-12 12:01 - 00000000 _____ C:\Users\Jimmy Sutton III\Downloads\FRST64 (1).exe
2015-12-12 12:00 - 2015-12-12 12:00 - 00000000 _____ C:\Users\Jimmy Sutton III\Downloads\FRST64.exe
2015-12-12 11:34 - 2015-12-12 11:34 - 00001453 _____ C:\Users\Jimmy Sutton III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-12 11:32 - 2015-12-12 11:32 - 00000020 ___SH C:\Users\Jimmy Sutton III\ntuser.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 12:03 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2015-12-12 12:02 - 2014-11-13 20:45 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3101188819-3860113077-1056553616-1002
2015-12-12 11:59 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-12 11:57 - 2015-06-21 11:59 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-12 11:57 - 2015-06-21 11:58 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 11:52 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 11:48 - 2015-06-21 11:58 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-12 11:48 - 2015-06-21 11:58 - 00003654 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-12 11:48 - 2015-06-21 11:58 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 11:47 - 2014-01-05 18:12 - 00000000 ____D C:\Users\Jimmy Sutton III\AppData\Local\Packages
2015-12-12 11:47 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-12 11:45 - 2015-06-21 11:53 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-12 11:42 - 2015-08-06 18:42 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-12 11:40 - 2014-11-21 14:09 - 00000000 ___HD C:\$Windows.~BT
2015-12-12 11:35 - 2015-08-06 19:09 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-12 11:35 - 2014-11-01 21:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-12-12 11:32 - 2015-08-06 18:35 - 00000000 ____D C:\Users\Jimmy Sutton III
2015-12-12 11:31 - 2014-11-21 00:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-06 18:11

==================== End of FRST.txt ============================
jimmy23
Active Member
 
Posts: 5
Joined: December 12th, 2015, 3:46 pm
Top
Advertisement
Register to Remove

Re: Really need help

Unread postby Cypher » December 13th, 2015, 7:39 am

Incomplete Logs

By posting an incomplete set of FRST logs it is likely that your topic will be passed by and you will not receive the help you're looking for.
We need to know what's running on your computer so that we can provide the appropriate instructions

May I draw your attention to THIS topic, which you should have read, that states what we need you to post, so we can help you.
If you still need help, please start a new thread an include your full FRST logs:
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
If for any reason you can't run FRST, please let us know in your post, and see this section here that explains what you should do when you can not run FRST..


This topic will now be closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Top
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 300 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index