Posts posted by desejsbn

  1. As I turned my computer on and tried to log in I got the issue with the service not being available and it logged me into the temporary account again. Like before, signing out and back in let me get to my computer.

    Also I've noticed that my cpu takes an oddly long time loading on "preparing windows" when I log in compared to how fast it usually takes.

    I reinstalled firefox like you said. Anything I should do regarding windows edge? 

    I was also using my normal apps just now and got a sudden BSOD...

    I attached an img of the screen that makes me reenter my password when I start the cpu right before it puts me on temp acc

    IMG_3443.JPG

  2. Aaaaghh- after following the instruction to delete the tweaking tool and run delfix, I was using chrome as usual when Firefox, a browser I have downloaded but not used in ages, opened itself and claimed to be having trouble 'restoring a previous session' consisting of 'window 1'. My pc has been on for several hours now so I'm not sure why this would be showing up at this point. Is this cause for concern, or should I simply ignore it? Otherwise, your help has been greatly appreciated, and you can close the topic if you'd like.

  3. Made the reg backup and did everything with the bat file. When I went to run it, Windows first stopped me to 'protect my device from something from an unknown publisher', but it was for the file so I ran anyway. A cmd flashed on my screen for a second, and then went away. Nothing else happened. Safe to run again to see if it works?

  4. Followed the steps to remove defaultuser0, but no, as far as I know I am not registered with any windows insider thing

    It still seems I have some sort of infection or unwanted services running on the computer?? Back when this whole issue first started, I had a hidden Microsoft Edge open up, and though it sounds strange, what it did was have certain songs play- some covers of things from musicals I've listened to, and a cover of a cartoon theme that I have never heard before. It was odd, I could only turn off the music in the MSE window through task manager

    Right after I finished deleting defaultuser, I restarted the computer, and lo and behold, the mysterious mse playing cartoon music immediately on startup has returned. Additionally, three outbound connections to a website were blocked by Malwarebytes, and then I was alerted to my realtime protection layers being off even though I turned them back on after running the online scan that required me to disable them.

    I remember in safe mode while deleting defaultuser I got a popup from Windows that said "This app can't open: Get Started can't be opened using the Built-in Administrator account. Sign in with a different account and try again." I ignored it since it was most likely irrelevant but I'm including that detail anyway.

    I also tried to run Windows Defender as it was and still is turned off, and it said that it couldn't run for whatever reason. Not sure if that's simply because of safe mode though. Malwarebytes worked fine.

    I have attached one of the reports for the outbound connections

    I don't think it's a good idea for me to get rid of the antimalware apps just yet, I want to be 100% sure that my computer is clean, even though it looks from the outside as if there is probably not much going on.

    websiteblocked.txt

  5. I got home and upon trying to log into the computer, I got 'something went wrong, this service is not available', redirected me to a page that made me verify my Windows10 account by reentering my password, then logged me in on a temporary account. I signed out and when I tried to log in again it worked fine so not sure what that was about

    Yesterday I downloaded MWB and ran it ahead of time, it found 2 adware things and several other stuffs, the install.monster thing it found was the file that gave me the initial fuery infection notifications, and mwb deleted it as far as I can tell. The scan is attached as mwbscan.txt

    Ran another scan with rootkit search enabled and it didn't find anything so it isn't attached.

    ADWCleaner didn't find anything... 

    Neither did ESET scan.

    mwbscan.txt

  6. Alright, I've finally gotten over my horrible fear (a little bit) and am following your instructions. Apologies for the catastrophically written first post, I was a mess. 

    Here is the frst.txt that you asked for: 

    Spoiler

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by barre (administrator) on DESKTOP-A9V7IQ9 (22-03-2017 17:06:24)
    Running from C:\Users\barre\Desktop
    Loaded Profiles: barre (Available Profiles: defaultuser0 & barre)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
    HKU\S-1-5-21-2284778045-644900841-3920990327-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{bfbe138d-2de5-479d-bef1-f8a53c657913}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF DefaultProfile: u4c37f85.default
    FF ProfilePath: C:\Users\barre\AppData\Roaming\Mozilla\Firefox\Profiles\u4c37f85.default [2017-03-10]
    FF Extension: (uBlock Origin) - C:\Users\barre\AppData\Roaming\Mozilla\Firefox\Profiles\u4c37f85.default\Extensions\uBlock0@raymondhill.net.xpi [2017-02-21]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2284778045-644900841-3920990327-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\barre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

    Chrome: 
    =======
    CHR Profile: C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default [2017-03-22]
    CHR Extension: (Google Slides) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-04]
    CHR Extension: (Google Docs) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-04]
    CHR Extension: (Google Drive) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-04]
    CHR Extension: (YouTube) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-04]
    CHR Extension: (Google Sheets) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-04]
    CHR Extension: (Google Docs Offline) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
    CHR Extension: (Gmail) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-04]
    CHR Extension: (Chrome Media Router) - C:\Users\barre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [368544 2016-06-23] (Intel Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-06-23] (Realtek Semiconductor)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5763512 2016-06-23] (Intel Corporation)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2016-09-24] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-06-23] (Realtek                                            )
    R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation                           )
    R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
    R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [19504 2016-01-13] (Windows (R) Win 7 DDK provider)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-22 16:45 - 2017-03-22 17:06 - 00008090 _____ C:\Users\barre\Desktop\FRST.txt
    2017-03-22 16:44 - 2017-03-22 17:06 - 00000000 ____D C:\FRST
    2017-03-22 16:42 - 2017-03-22 16:44 - 02424832 _____ (Farbar) C:\Users\barre\Desktop\FRST64.exe
    2017-03-21 17:59 - 2017-03-21 17:59 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-03-20 21:20 - 2017-03-20 21:20 - 24387584 _____ C:\Users\barre\Desktop\rtrtey.sai
    2017-03-19 22:22 - 2017-03-19 22:22 - 00215148 _____ C:\Users\barre\Desktop\zhedst.jpeg
    2017-03-19 20:57 - 2017-03-19 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawpile
    2017-03-19 04:17 - 2017-03-19 04:17 - 00209693 _____ C:\Users\barre\Desktop\wegrewhg.jpeg
    2017-03-19 00:46 - 2017-03-19 00:46 - 05304320 _____ C:\Users\barre\Desktop\egrwer.sai
    2017-03-18 17:30 - 2017-03-18 17:31 - 00000000 ____D C:\Users\barre\Desktop\Drawpile-1.0.6
    2017-03-18 04:45 - 2017-03-18 16:59 - 05976064 _____ C:\Users\barre\Desktop\ergtw.sai
    2017-03-18 04:42 - 2017-03-19 04:17 - 01398541 _____ C:\Users\barre\Desktop\ewgr.mdp
    2017-03-17 23:35 - 2017-03-18 04:45 - 00001466 _____ C:\Users\barre\Desktop\wegrgew.txt
    2017-03-17 19:17 - 2017-03-17 19:17 - 03670016 _____ C:\Users\barre\Desktop\ar6ycdues.sai
    2017-03-17 19:16 - 2017-03-17 19:16 - 05607424 _____ C:\Users\barre\Desktop\ret.sai
    2017-03-17 19:16 - 2017-03-17 19:16 - 05607424 _____ C:\Users\barre\Desktop\New Canvas.sai
    2017-03-14 22:27 - 2017-03-14 22:27 - 00014968 _____ C:\Users\barre\Desktop\yhewgrb .jpeg
    2017-03-14 20:13 - 2017-03-14 20:13 - 01724416 _____ C:\Users\barre\Desktop\jt.sai
    2017-03-14 20:13 - 2017-03-14 20:13 - 00746182 _____ C:\Users\barre\Desktop\srut56.ora
    2017-03-13 19:07 - 2017-03-13 19:07 - 13500416 _____ C:\Users\barre\Desktop\q6ytgb  cdsgft.sai
    2017-03-12 12:13 - 2017-03-12 12:13 - 02118464 _____ C:\Users\barre\Desktop\u8iyh.ora
    2017-03-12 01:07 - 2017-03-12 01:07 - 00000000 ____D C:\Users\barre\AppData\LocalLow\TheMeatly Games
    2017-03-11 05:07 - 2017-03-11 05:07 - 00243488 _____ C:\Users\barre\Desktop\fw.jpeg
    2017-03-10 21:15 - 2017-03-10 22:03 - 02318950 _____ C:\Users\barre\Desktop\5gh34qe.mdp
    2017-03-08 23:39 - 2017-03-08 23:39 - 03276800 _____ C:\Users\barre\Desktop\wfe.sai
    2017-03-07 17:39 - 2017-03-07 17:39 - 03211264 _____ C:\Users\barre\Desktop\gewr.sai
    2017-03-07 15:15 - 2017-03-07 15:17 - 00411172 _____ C:\WINDOWS\Minidump\030717-18328-01.dmp
    2017-03-07 15:15 - 2017-03-07 15:15 - 590364884 _____ C:\WINDOWS\MEMORY.DMP
    2017-03-07 15:15 - 2017-03-07 15:15 - 00000000 ____D C:\WINDOWS\Minidump
    2017-03-05 17:39 - 2017-03-05 17:55 - 00000000 ____D C:\Users\barre\AppData\Local\UNDERTALE
    2017-03-04 09:05 - 2017-03-04 09:05 - 00479920 _____ C:\Users\barre\Desktop\qrgt.mdp
    2017-03-04 09:03 - 2017-03-04 09:04 - 00344784 _____ C:\Users\barre\Desktop\iygcv.jpeg
    2017-03-04 09:02 - 2017-03-05 04:18 - 04558848 _____ C:\Users\barre\Desktop\gyvtu dods.sai
    2017-03-03 07:26 - 2017-03-04 09:05 - 01025830 _____ C:\Users\barre\Desktop\ergbvf.mdp
    2017-03-03 05:50 - 2017-03-03 05:50 - 00210605 _____ C:\Users\barre\Desktop\regy5.mdp
    2017-03-03 04:06 - 2017-03-03 04:06 - 00178229 _____ C:\Users\barre\Desktop\er4ty5r.jpeg
    2017-03-02 05:28 - 2017-03-02 05:28 - 00139735 _____ C:\Users\barre\Desktop\wfe.mdp
    2017-03-02 05:28 - 2017-03-02 05:28 - 00089165 _____ C:\Users\barre\Desktop\wegr.mdp
    2017-03-02 05:27 - 2017-03-04 09:05 - 00100900 _____ C:\Users\barre\Desktop\qvrweg.mdp
    2017-03-01 02:04 - 2017-03-01 02:04 - 00001263 _____ C:\Users\Public\Desktop\FireAlpaca.lnk
    2017-03-01 02:04 - 2017-03-01 02:04 - 00000000 ____D C:\Users\barre\AppData\Local\FireAlpaca
    2017-03-01 02:04 - 2017-03-01 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
    2017-03-01 02:04 - 2017-03-01 02:04 - 00000000 ____D C:\Program Files (x86)\FireAlpaca
    2017-03-01 02:04 - 2016-08-19 18:51 - 00689664 _____ C:\WINDOWS\system32\MdpThumb64.dll
    2017-02-26 03:53 - 2017-02-28 01:31 - 31801344 _____ C:\Users\barre\Desktop\SUNGE REDRAW WIP!.sai
    2017-02-26 03:53 - 2017-02-26 03:53 - 00145998 _____ C:\Users\barre\Desktop\EEGR.jpeg
    2017-02-25 11:08 - 2017-02-25 11:08 - 27000054 _____ C:\Users\barre\Desktop\ddfg.bmp
    2017-02-24 05:19 - 2017-02-24 05:19 - 02723840 _____ C:\Users\barre\Desktop\ytfr.sai
    2017-02-24 05:19 - 2017-02-24 05:19 - 00163906 _____ C:\Users\barre\Desktop\rth.jpeg
    2017-02-23 02:58 - 2017-02-23 02:58 - 00207554 _____ C:\Users\barre\Desktop\q4w3t.jpeg
    2017-02-23 02:58 - 2017-02-23 02:58 - 00003751 _____ C:\Users\barre\Desktop\w6rt.txt
    2017-02-23 02:57 - 2017-02-23 02:57 - 01138688 _____ C:\Users\barre\Desktop\qegr.sai
    2017-02-23 00:41 - 2017-02-23 03:00 - 00000389 _____ C:\Users\barre\Desktop\New Text Document.txt
    2017-02-22 01:09 - 2017-02-22 01:09 - 10694656 _____ C:\Users\barre\Desktop\shinya.sai
    2017-02-22 01:08 - 2017-02-22 01:08 - 00196084 _____ C:\Users\barre\Desktop\doodl.jpeg
    2017-02-20 22:06 - 2017-02-20 22:06 - 01327104 _____ C:\Users\barre\Desktop\jtde.sai
    2017-02-20 22:06 - 2017-02-20 22:06 - 00223559 _____ C:\Users\barre\Desktop\zrt.jpeg
    2017-02-20 18:47 - 2017-02-20 18:47 - 01072437 _____ C:\Users\barre\Desktop\rf.ora
    2017-02-20 00:52 - 2017-03-22 16:58 - 00000000 ____D C:\Users\barre\Desktop\pics
    2017-02-20 00:51 - 2017-02-20 00:51 - 00196800 _____ C:\Users\barre\Desktop\wef.jpeg

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-22 16:58 - 2017-02-04 13:18 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-03-22 16:37 - 2017-02-04 13:42 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-03-22 16:35 - 2017-02-04 23:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-03-22 16:35 - 2017-02-04 22:28 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-03-22 16:35 - 2017-02-04 22:05 - 00000000 __SHD C:\Users\barre\IntelGraphicsProfiles
    2017-03-22 16:29 - 2017-02-04 23:53 - 01485166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-03-22 16:25 - 2017-02-04 23:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-03-22 16:25 - 2017-02-04 14:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-03-21 17:56 - 2017-02-04 13:11 - 00262144 _____ C:\WINDOWS\system32\config\BBI
    2017-03-21 17:23 - 2017-02-04 22:04 - 00000000 ____D C:\Users\barre
    2017-03-20 21:20 - 2017-02-06 16:50 - 00000000 ____D C:\Users\barre\Desktop\Sai 1.1.0
    2017-03-19 20:57 - 2017-02-10 11:53 - 00000000 ____D C:\Program Files (x86)\Drawpile
    2017-03-18 17:17 - 2017-02-05 13:20 - 00000000 ____D C:\Users\barre\Desktop\Wolf
    2017-03-17 19:18 - 2017-02-04 13:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-03-14 20:32 - 2017-02-04 13:42 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-10 00:28 - 2017-02-05 20:00 - 00000000 ____D C:\Users\barre\AppData\LocalLow\Mozilla
    2017-03-05 17:37 - 2017-02-04 23:21 - 00000000 ____D C:\Users\barre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-02-27 20:20 - 2017-02-05 17:15 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-02-27 20:18 - 2017-02-05 17:15 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-02-25 16:45 - 2017-02-04 22:07 - 00000000 ____D C:\Users\Default\AppData\Local\NetworkTiles
    2017-02-25 16:45 - 2017-02-04 22:07 - 00000000 ____D C:\Users\Default User\AppData\Local\NetworkTiles
    2017-02-21 17:26 - 2017-02-04 22:12 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-02-21 17:26 - 2017-02-04 22:09 - 00002363 _____ C:\Users\barre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-02-21 17:26 - 2017-02-04 22:09 - 00000000 ___RD C:\Users\barre\OneDrive
    2017-02-20 01:21 - 2017-02-18 04:37 - 04349952 _____ C:\Users\barre\Desktop\ert.sai

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-14 15:22

    ==================== End of FRST.txt ============================

    Addition.txt and RK.txt are also attached. 

    The scan from RogueKiller completed after 40 minutes and found five threats. None of them were the Fuery b!cl that I'm 99% sure is on my computer since it was shown by Windows Defender twice and then mysteriously disappeared as the function of the machine slowly went downhill.

    All in all, I feel like the worst problem was completely missed... For now, I'll let rk try to delete the two registry PUPs and the three (??? I don't know what they are) and wait for further response.

    Addition.txt

    RK.txt

  7. so like

    i was on the Internet™ recently and did some stupid junk

    and now my cpu is in the death grips of win32 Fuery bcl trojan

    i dont have mwb or anything i just have crippling anxiety and a fear of credit fraud

    i am way too young to die and also too young to be competent with most computer things 

    i dont know what to Do i have unplugged my whole pc and am looking at it from across the room like satan possesses it which it probably does 

    at some point i turned off my wifi but it turned itself back on and used my location which is freaking me out i am terrified please help i need a really comprehensive guide for my poor ass

    everywhere online is the same guide and due to my Fear im too much a smallbitch to follow it, and im irked by the idea of returning to a point on my cpu for some reason idk i feel like that will not fix the trojan

    sorry if im not following whatever rules or if its against the forumlaw to post about something thats already resolved (albeit in another way) i just need prompt answers or ill maybe just change my name run away and chainsaw off an arm to become a bandit in the state of ohio like my parents always wanted

    edit// after my initial panicking (lol) i realized that im supposed to have downloaded a thing and then paste a log here, but,, like. im legitimately horrified by the idea of turning my computer back on. much less downloading something. ive heard that this particular trojan can rek me super quick if i do anything but also if i dont do anything AAAAHHH
