
RPMcMurphy

Group: Experts
Content Count: 1,233
Rank: Elite Member
Recent Profile Visitors: 6,168 profile views

Recent posts by RPMcMurphy:
  1. Welcome. Please follow the instructions in this post to get started: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
  2. I don't see anything concerning in your logs. The fact that it is occurring at the same time every night would lead me to check and see if a scheduled scan or update is occurring at the time.
  3. Great! All I have left for you is a software update and some cleanup:
     Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please update to the latest version.
     Uninstall FRST
     - Right click on the FRST icon and select Rename
     - Change the name to Uninstall
     - After renaming it, right click and select Run as Administrator
     Uninstall any other tools or logs from our work that you don't need.
     Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  4. That's good. I did note that you had a fair number of potentially unwanted programs in your logs, but nothing else too concerning. Please do this little bit of housekeeping:
     - Open notepad.
     - Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it.
     - Paste this into the open notepad.
     - Save it in the same location as FRST (usually your desktop) as fixlist.txt

       FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
       U3 idsvc; no ImagePath
       VirusTotal: C:\Users\Walt\AppData\Local\Temp\BlueStacksClientUninstaller.exe
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
       CustomCLSID: HKU\S-1-5-21-1417395122-1874483485-2292329412-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Walt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
       ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> No File
       ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
       ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
       ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
       ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
       ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
       Task: {03DACB8F-C5AE-4D21-A38E-3C236FA63B9C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
       Task: {07E81CF8-E5C8-44BF-A39A-85534F640F28} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
       Task: {425FE86D-54AE-4FF6-A87B-102D54D77CF0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
       Task: {4FBA3975-8CF3-408A-8A2C-91A271A508D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
       Task: {79921081-1217-4267-9511-2E7BE41AA114} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
       Task: {7B099CE3-9398-435A-A4E8-C54FC96A2CE0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
       Task: {7E84EE4E-8017-4B8D-94FE-7119A0348B78} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
       Task: {9B135167-93CE-405B-82F2-2D20D599EC78} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
       Task: {AF6222F9-99F6-4CA2-85F0-6355CF89DA61} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
       Task: {B1D6CB4B-21C0-4266-AD53-6CF8027C81C4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
       Task: {B377207F-585A-453A-B62C-DA78D99CC0D6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
       Task: {BDF23B13-441B-48BB-A52A-59B5599E0A8E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
       Task: {C116071A-FBDC-410E-A060-D42ACF3ECCB6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
       Task: {CC31A4E3-4D0E-4D21-A913-CD7895994D71} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
       Task: {D1DCB28A-50E4-4ACA-AED6-CC419B80A801} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
       Task: {FC51A09C-7574-4AE8-8FD3-BD9D81236455} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
       FirewallRules: [UDP Query User{A7F8E555-1F71-4B94-B3E8-EFD0E600CFF5}C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe No File
       FirewallRules: [TCP Query User{41A6E499-E04B-4F2A-82BE-5DBBC6E5A72C}C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe No File
       FirewallRules: [UDP Query User{E89D09E1-7DF7-4D22-8208-771FC32132EA}C:\scrapebox64_1\scrapebox.exe] => (Allow) C:\scrapebox64_1\scrapebox.exe No File
       FirewallRules: [TCP Query User{B3C87FBF-9378-4F00-9E32-68EA1A448C0A}C:\scrapebox64_1\scrapebox.exe] => (Allow) C:\scrapebox64_1\scrapebox.exe No File
       FirewallRules: [{EDAC3FEC-FA0E-4515-95D5-F9BACAC99B21}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe No File
       FirewallRules: [{FFDA705B-E761-4605-AB89-ED9837F71D8D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe No File
       FirewallRules: [{E0773917-B9EE-46DD-B9A2-C10B74B690A1}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe No File
       FirewallRules: [{58E68167-7A9D-4F21-B881-7C05EC0D6A31}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe No File
       FirewallRules: [{94C458B5-1B85-429E-893A-319A972AF320}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe No File
       FirewallRules: [{1A2F0938-6109-46B8-B834-549B96F3E3F9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe No File
       FirewallRules: [{25508927-1ED7-4598-A1D0-1FA3CB40FC9C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe No File
       FirewallRules: [{6A9C1656-58B2-4880-B588-39577BBB8B19}] => (Block) C:\kodi\kodi.exe No File
       FirewallRules: [{B490F972-BADB-45AF-B184-3ECC7D3C34ED}] => (Block) C:\kodi\kodi.exe No File
       FirewallRules: [UDP Query User{1C1BC718-1AF8-4E30-BA42-C70015A2D13D}C:\kodi\kodi.exe] => (Allow) C:\kodi\kodi.exe No File
       FirewallRules: [TCP Query User{C7A482FA-F794-4B5B-858C-815F0CBC10AC}C:\kodi\kodi.exe] => (Allow) C:\kodi\kodi.exe No File
       FirewallRules: [UDP Query User{5FB8E63D-D322-4822-A449-B0C7EDB8A561}C:\program files (x86)\eye cloud\superipcam.exe] => (Allow) C:\program files (x86)\eye cloud\superipcam.exe No File
       FirewallRules: [TCP Query User{C207410C-9B74-4C2F-A72B-4ED19D2374B4}C:\program files (x86)\eye cloud\superipcam.exe] => (Allow) C:\program files (x86)\eye cloud\superipcam.exe No File
       FirewallRules: [TCP Query User{19F3EB1E-CAF5-4E51-BA01-2730B51C5F07}C:\users\walt\appdata\local\microsoft\windows\temporary internet files\content.ie5\i7xmguh5\software_hwren1rev1.exe] => (Allow) C:\users\walt\appdata\local\microsoft\windows\temporary internet files\content.ie5\i7xmguh5\software_hwren1rev1.exe No File
       FirewallRules: [UDP Query User{28C99BBF-17F0-4BAE-A5DE-4D7924012E89}C:\users\walt\appdata\local\microsoft\windows\temporary internet files\content.ie5\i7xmguh5\software_hwren1rev1.exe] => (Allow) C:\users\walt\appdata\local\microsoft\windows\temporary internet files\content.ie5\i7xmguh5\software_hwren1rev1.exe No File
       FirewallRules: [TCP Query User{B08AB95F-7CBC-4218-A23B-CBE5B0832B07}C:\program files (x86)\metatrader - pepperstone\arbfxi_demo.exe] => (Allow) C:\program files (x86)\metatrader - pepperstone\arbfxi_demo.exe No File
       FirewallRules: [UDP Query User{029CD053-1FEB-4A82-B65A-5457FC602A14}C:\program files (x86)\metatrader - pepperstone\arbfxi_demo.exe] => (Allow) C:\program files (x86)\metatrader - pepperstone\arbfxi_demo.exe No File
       FirewallRules: [TCP Query User{9186E9A2-9652-45D1-83BE-5DE46C9D999D}N:\downloads\software_hwren1rev1.exe] => (Allow) N:\downloads\software_hwren1rev1.exe No File
       FirewallRules: [UDP Query User{90275C09-BD91-4394-9657-B29662CAA091}N:\downloads\software_hwren1rev1.exe] => (Allow) N:\downloads\software_hwren1rev1.exe No File
       FirewallRules: [TCP Query User{87886B49-168D-495F-AEC5-1789781AE467}N:\downloads\entropy_signal_client_v.1.3.exe] => (Allow) N:\downloads\entropy_signal_client_v.1.3.exe No File
       FirewallRules: [UDP Query User{ECB1C067-D326-4BA2-8702-70080EC1F443}N:\downloads\entropy_signal_client_v.1.3.exe] => (Allow) N:\downloads\entropy_signal_client_v.1.3.exe No File
       FirewallRules: [TCP Query User{730874BF-7DDE-4839-BF0F-76423011D40A}N:\downloads\software_hwren1rev1 (1).exe] => (Allow) N:\downloads\software_hwren1rev1 (1).exe No File
       FirewallRules: [UDP Query User{2433C6EA-EB7E-475F-AB03-5021A51C2843}N:\downloads\software_hwren1rev1 (1).exe] => (Allow) N:\downloads\software_hwren1rev1 (1).exe No File
       FirewallRules: [{465A47CA-1B51-49BD-99E1-4F678702BF90}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe No File
       FirewallRules: [{09B224A5-E7C0-4FDB-9131-0A1304FD1555}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\spengine.exe No File
       FirewallRules: [{0FC737BF-8522-43A8-A6B4-A115C39CED07}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vxengine.exe No File
       FirewallRules: [{9502F49D-C53D-467F-8AE1-F1C068F8C481}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vxengine.exe No File
       FirewallRules: [{6B8DF454-4146-4903-BD86-751F3F46F65D}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vxengine.exe No File
       FirewallRules: [{E68910B8-AA98-4076-980A-4626DEC4CCC2}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vxengine.exe No File
       FirewallRules: [{91251B6C-C649-4653-A001-12879F13D059}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vxengine.exe No File
       FirewallRules: [{BAF61E60-20F4-4D06-BB96-C0CB77A60F83}] => (Allow) C:\Users\Walt\AppData\Roaming\mjusbsp\magicJack.exe No File
       FirewallRules: [{378ABE14-B90D-47B7-A874-F72B1661DDC4}] => (Allow) C:\Users\Walt\AppData\Roaming\mjusbsp\magicJack.exe No File
       FirewallRules: [{1F0A6116-9FA1-47DD-9B12-B0B5EF7A4880}] => (Allow) C:\Program Files (x86)\Voicent\Gateway\bin\vxengine.exe No File
       FirewallRules: [{043B75F6-DBFF-4A04-9CA7-B71CCF0DC96D}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe No File
       FirewallRules: [{05F62148-2FF4-4181-A0F3-6C4DC02606E5}] => (Allow) C:\Program Files\Beat the News\BTN Connection Tester.exe No File
       FirewallRules: [{0E92F0E7-64A0-4AC0-8975-F4DF53ACE776}] => (Allow) C:\Program Files\Beat the News\BTN Connection Tester.exe No File
       FirewallRules: [{E7B7CECF-F496-415F-96EA-302664805971}] => (Allow) C:\Program Files\Beat the News\BTN Connection Tester.exe No File
       FirewallRules: [{D4B3278C-9995-449D-96B3-C7474772C763}] => (Allow) C:\Program Files\Beat the News\BTN Connection Tester.exe No File
       FirewallRules: [{C80F886A-BB44-4235-B0B2-CF1A193F05C4}] => (Allow) C:\Program Files\Beat the News\beatthenewsclient.exe No File
       FirewallRules: [{41C453E8-9624-42B6-9174-373EB1891F25}] => (Allow) C:\Program Files\Beat the News\beatthenewsclient.exe No File
       FirewallRules: [{6F4B16F3-A188-4BDB-9777-58160F7E21EE}] => (Allow) C:\Program Files\Beat the News\beatthenewsclient.exe No File
       FirewallRules: [{46A49CC0-5344-40B1-8B51-09DF77C7FB0A}] => (Allow) C:\Program Files\Beat the News\beatthenewsclient.exe No File
       FirewallRules: [{55D61D1C-F756-4A07-9243-CCC899075A08}] => (Allow) C:\Users\Walt\AppData\Roaming\mjusbsp\magicJack.exe No File
       FirewallRules: [{53E8962B-4DEC-488D-8661-495D4737CDA4}] => (Allow) C:\Users\Walt\AppData\Roaming\mjusbsp\magicJack.exe No File
       FirewallRules: [TCP Query User{D7BC9FDD-FCBD-49CC-B74A-BBFF2BCB5B84}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe No File
       FirewallRules: [UDP Query User{C87915B3-527A-42E0-B85F-ED4DD63A7405}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe No File
       FirewallRules: [TCP Query User{C207C553-C7C8-4B35-BDE6-ED609AD7F33A}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
       FirewallRules: [UDP Query User{437B5298-C23B-4416-BD9C-94483CE04AFA}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe No File
       FirewallRules: [TCP Query User{A9186990-4148-4E6F-8440-85AD963EBCFB}C:\program files (x86)\stunnel\stunnel.exe] => (Allow) C:\program files (x86)\stunnel\stunnel.exe No File
       FirewallRules: [UDP Query User{7453BE9E-9BF0-4775-A1A1-68CB4CF00688}C:\program files (x86)\stunnel\stunnel.exe] => (Allow) C:\program files (x86)\stunnel\stunnel.exe No File
       FirewallRules: [{1F303B66-7E89-47DC-83C3-BE8C8C861D6B}] => (Allow) C:\Program Files (x86)\TradeWestForex Software\Momentics\MetaTrader Files\terminal.exe No File
       FirewallRules: [{9828AED0-109C-4550-8030-8EFC12C71FE0}] => (Allow) C:\Program Files (x86)\TradeWestForex Software\Momentics\MomenticsInstallHelper.exe No File
       FirewallRules: [TCP Query User{2CA55E41-4178-4D34-8B2A-4A817E8518DB}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe No File
       FirewallRules: [UDP Query User{63E8645A-58B0-4551-A7D0-6576974F2E47}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe No File
       FirewallRules: [TCP Query User{65D06798-C5A8-4887-A82C-0CD4EF2C6AFA}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
       FirewallRules: [UDP Query User{E9C31E09-1FBB-4642-A287-3742D9CB1622}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
       FirewallRules: [TCP Query User{8A6EFF58-B9BB-4C5E-82C6-ACDE86444063}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe No File
       FirewallRules: [UDP Query User{A14D9E71-76F1-4154-900E-952E97FC7731}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe No File
       FirewallRules: [TCP Query User{6FA59574-6029-4EA8-9701-B34ACC372358}C:\program files\xtremetuner plus\xtremetuner plus.exe] => (Allow) C:\program files\xtremetuner plus\xtremetuner plus.exe No File
       FirewallRules: [UDP Query User{24C0DF42-C6A1-46CA-BE17-37A7453B04BD}C:\program files\xtremetuner plus\xtremetuner plus.exe] => (Allow) C:\program files\xtremetuner plus\xtremetuner plus.exe No File
       FirewallRules: [{8874D103-543E-4B8E-BB4F-1D52A9E402B1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe No File
       FirewallRules: [{EE703341-CD92-4317-909C-78D5B5EF85D5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe No File
       FirewallRules: [{CDAC2D78-B71B-43EE-8C2D-46F802C96CC1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe No File
       FirewallRules: [{226081DC-86E7-4A5C-AEBC-89E61E01AF9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe No File
       FirewallRules: [{B36681FB-694D-494B-8F89-4F56E23D01FE}] => (Allow) C:\Program Files\MetaTrader\metatester64.exe No File
       FirewallRules: [TCP Query User{5A3756C9-2FE5-458F-8D05-5C7098B503D4}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe No File
       FirewallRules: [UDP Query User{4BC6547C-6707-4519-AC9E-12C62D678F1A}C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin\ninjatrader.exe No File
       FirewallRules: [{90B83B53-5555-4F64-8950-26EA3F4EBCFA}] => (Allow) C:\Users\Walt\AppData\Local\Temp\7zS73EF\HPDiagnosticCoreUI.exe No File
       FirewallRules: [{FADA52D3-389D-40E4-819D-98589DB94569}] => (Allow) C:\Users\Walt\AppData\Local\Temp\7zS73EF\HPDiagnosticCoreUI.exe No File
       FirewallRules: [{88EFDEBF-EF4D-4FC7-9BF8-B8358304CFBE}] => (Allow) C:\Users\Walt\AppData\Local\Temp\7zS03D1\HPDiagnosticCoreUI.exe No File
       FirewallRules: [{9D178680-532B-4912-9960-4A9B1A6C27CD}] => (Allow) C:\Users\Walt\AppData\Local\Temp\7zS03D1\HPDiagnosticCoreUI.exe No File
       FirewallRules: [{0EE591B7-EC4E-4DD0-850D-F81DCE6B6C1E}] => (Allow) C:\Program Files (x86)\4XMMTradeClient\4XMMTradeClient.exe No File
       FirewallRules: [{C5FE9F23-139F-4B67-BF65-DF0A77489307}] => (Allow) C:\Program Files (x86)\4XMMTradeClient\4XMMTradeClient.exe No File
       FirewallRules: [{F38D58B0-7C3F-4C32-9877-E0C826ED791A}] => (Allow) C:\Program Files (x86)\4XMMTradeClient\4XMMTradeClient.exe No File
       FirewallRules: [{94B8C6B9-1EC9-4DBB-B103-CBB22AA324E8}] => (Allow) C:\Program Files (x86)\4XMMTradeClient\4XMMTradeClient.exe No File
       FirewallRules: [TCP Query User{D358FC22-CB2C-4A06-B18E-49C899241723}C:\program files (x86)\radiocomm\radiocomm v11.12.2\radiocomm.exe] => (Allow) C:\program files (x86)\radiocomm\radiocomm v11.12.2\radiocomm.exe No File
       FirewallRules: [UDP Query User{C06297B2-E519-448C-8C85-B238691B99F0}C:\program files (x86)\radiocomm\radiocomm v11.12.2\radiocomm.exe] => (Allow) C:\program files (x86)\radiocomm\radiocomm v11.12.2\radiocomm.exe No File
       FirewallRules: [{1696F8C3-0A4D-4736-A5A1-A86B349F7663}] => (Allow) C:\Users\Walt\AppData\Roaming\Dropbox\bin\Dropbox.exe No File
       FirewallRules: [{A56238CB-35A2-406C-B71B-31A94CCA19FE}] => (Allow) C:\Users\Walt\AppData\Roaming\Dropbox\bin\Dropbox.exe No File
       FirewallRules: [TCP Query User{ADD44564-47FD-4565-A42C-3AD028829225}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe No File
       FirewallRules: [UDP Query User{002EC6CA-C8E9-4E91-93F8-A0B11DDAEB6C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe No File
       FirewallRules: [TCP Query User{F5243AA1-AACA-4C7F-A0B5-9C4ACCCCFEF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe No File
       FirewallRules: [UDP Query User{E6C6B5CC-7C05-490F-BCB9-AD3849786E2B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe No File
       FirewallRules: [{9B6AD2D2-48C6-4439-8000-2CB145ED435C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe No File
       FirewallRules: [{E56CF996-4A45-4C6E-8B19-865DD4BE1051}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe No File
       FirewallRules: [{4986F5CF-D4B1-4F18-8FFD-6BA6EEEEB061}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe No File
       FirewallRules: [{D7D16C9A-680E-47A1-8BF7-63701DB5B2A2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe No File
       FirewallRules: [TCP Query User{48880BCB-23D3-4A05-B326-0155D30D3246}C:\program files (x86)\cqg\qtrader\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqg.exe No File
       FirewallRules: [UDP Query User{6C22EDD5-2B6F-4D70-83A7-A7D6BB62EEE5}C:\program files (x86)\cqg\qtrader\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqg.exe No File
       FirewallRules: [TCP Query User{3D5B7113-36E5-47AC-8D63-6C9CAC3A5068}C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe No File
       FirewallRules: [UDP Query User{12FB0F34-87EE-48B6-87A7-D42204B5F523}C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe No File
       FirewallRules: [{E8130CE5-4960-4647-8EF9-EE09ECE00161}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
       FirewallRules: [{46CBA922-616E-4E39-A11A-8652AB966549}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
       FirewallRules: [{B2A6C7DE-EFE8-41B4-80DB-BF5E4E6D6FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe No File
       FirewallRules: [{5DDF6240-F816-4B2F-AB34-2429BD1B5872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe No File
       FirewallRules: [TCP Query User{4B31FE70-2DB0-448E-BF33-BFF7C228D458}K:\downloads\app-find-vstarcam\app-find-vstarcam.exe] => (Allow) K:\downloads\app-find-vstarcam\app-find-vstarcam.exe No File
       FirewallRules: [UDP Query User{E590D69F-D973-4035-9B7D-21C0BB6C7758}K:\downloads\app-find-vstarcam\app-find-vstarcam.exe] => (Allow) K:\downloads\app-find-vstarcam\app-find-vstarcam.exe No File
       FirewallRules: [TCP Query User{E64C802E-0B3F-4BA9-A8A3-F59FAB485154}K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe] => (Allow) K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe No File
       FirewallRules: [UDP Query User{8E4D86AB-6A7C-491D-AD46-348B0794DB44}K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe] => (Allow) K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe No File
       FirewallRules: [{83711972-FD04-4047-9EE6-4D084DC75A4E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe No File
       FirewallRules: [{87D1DC28-5669-48DB-8852-8CD6C4E4478F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe No File
       FirewallRules: [TCP Query User{A9390BC9-9930-42D0-809B-3A39321E50B3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe No File
       FirewallRules: [UDP Query User{7C12598C-D3EF-4885-80A1-1B1801C52AA5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe No File
       EmptyTemp:

     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     Now run FRST again.
     - When the tool opens click Yes to disclaimer.
     - Press the Fix button just once and wait.
     - The tool will make a log (Fixlog.txt); please post it to your reply.
  5. While I look those logs over, can you look at your Windows Defender logs and provide me a little more detail about exactly what it's detecting?
  6. Attaching the logs worked fine. I'm looking them over now.
  7. Hello and welcome. Please follow these guidelines while we work on your PC:
     - Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the "All clear." Absence of symptoms does not mean your machine is clean!
     - Please do not run any scans or install/uninstall any applications without being directed to do so.
     - Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
     Please download Farbar Recovery Scan Tool and save it to your desktop.
     Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     - Double-click to run it. When the tool opens click Yes to disclaimer.
     - Press Scan button.
     - It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
     - The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  8. Sounds like you've done a good job to this point, but I'll have a look to be sure. Please do this: Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer; please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply. Please include the following in your next post: AdwCleaner log, FRST logs.
  9. If all of your issues are resolved, then I just have some housekeeping for you: Uninstall FRST Right click on the FRST icon and select Rename Change the name to Uninstall After renaming it, right click and select Run as Administrator Uninstall any other tools or logs from our work that you don't need. Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  10. Thanks, I understand now. Please make sure your copy of Malwarebytes is up to date and run a Threat Scan for me. Post the log when it's done, please.
  11. I was actually hoping to see a log that had the PUP detection that keeps coming back. If you can find one of those, please post it. Please do this now: Download and save the attached fixlist.txt file in the same location as FRST. Now run FRST again. When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt); please post it to your reply. Please include the following in your next post: the Fixlog.txt report. Attachment: fixlist.txt
  12. In that case, you should be all set. I just have a little cleanup for you: Uninstall FRST Right click on the FRST icon and select Rename Change the name to Uninstall After renaming it, right click and select Run as Administrator Uninstall any other tools or logs from our work that you don't need. Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  13. Hello and welcome. I'm reviewing your logs and I'll be back with you soon. In the meantime, can you post one of the AdwCleaner logs so I can see exactly what is being detected? Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
  14. Your copy of Chrome has probably been compromised. At this point it's probably best if you just uninstall/reinstall. It's important that you follow these instructions, in the order they are listed: If enabled, delete your Google Chrome Browser Sync Data by following the steps in this post: https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If you wish, you can back up your bookmarks before uninstalling. Follow these instructions: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks If you save passwords in Chrome, you may export them as well. Follow these instructions to do that: https://betanews.com/2018/03/09/export-chrome-passwords/ Clear your Chrome cache and cookies: https://support.google.com/chromebook/answer/183083?hl=en Remove Chrome using the instructions on this page: https://support.google.com/chrome/answer/95319?hl=en Re-install Chrome and, if applicable, restore your bookmarks and passwords.
  15. Do you have Chrome set up to sync with Chrome installs on other devices? To check click on the 3 dots in the upper right hand corner of Chrome, select Settings, then look under the People section near the top.