
Possible Infection? Browser Crashes



To be honest, I have no clue if this is Windows-related or a malware infection. I don't really download files, so this is somewhat worrying for me. Similar to another recent post, I've begun to see Chrome crash seemingly at random over the past few days; no amount of waiting will solve the problem and after forcing Chrome to close, all other browsers refuse to load pages or downright fail to even open until a log off or restart. As such I stopped using Chrome only to find that browsers such as Firefox will eventually refuse to load webpages anyway, with Chrome crashing as soon as it's opened during this time.

The problem has become more persistent until today, where I practically cannot do any web browsing at all before the problem crops up again. Writing from safe mode at the moment; it seems to not occur there, but a Malwarebytes scan turns up empty.


Hello TheOneAndOnlyBatman and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Thanks for the reply, Kevin!

Was able to run FRST from a standard boot; the requested logs are attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-02-2017 01
Ran by fierc (administrator) on DESKTOP-487QCLP (11-02-2017 11:51:50)
Running from C:\Users\fierc\Desktop
Loaded Profiles: fierc (Available Profiles: fierc)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Flux Software LLC) C:\Users\fierc\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5753112 2015-05-05] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4147342273-2117281084-4154626195-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-4147342273-2117281084-4154626195-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-4147342273-2117281084-4154626195-1002\...\Run: [f.lux] => C:\Users\fierc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{74e7f8e0-faac-4c60-a742-23f9f3b18786}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4147342273-2117281084-4154626195-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4147342273-2117281084-4154626195-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-4147342273-2117281084-4154626195-1002 -> DefaultScope {FFF3C658-E77E-462A-B5A5-AA470B6AE086} URL = 
SearchScopes: HKU\S-1-5-21-4147342273-2117281084-4154626195-1002 -> {FFF3C658-E77E-462A-B5A5-AA470B6AE086} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: n9s0wpk4.default
FF ProfilePath: C:\Users\fierc\AppData\Roaming\Mozilla\Firefox\Profiles\n9s0wpk4.default [2017-02-10]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\n9s0wpk4.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\n9s0wpk4.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\n9s0wpk4.default -> Secure Search
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-10]
FF SearchPlugin: C:\Users\fierc\AppData\Roaming\Mozilla\Firefox\Profiles\n9s0wpk4.default\searchplugins\McSiteAdvisor.xml [2016-02-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-26] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4147342273-2117281084-4154626195-1002: @nsroblox.roblox.com/launcher -> C:\Users\fierc\AppData\Local\Roblox\Versions\version-6da8969024ca4410\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4147342273-2117281084-4154626195-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\fierc\AppData\Local\Roblox\Versions\version-6da8969024ca4410\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4147342273-2117281084-4154626195-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-01-26] ()

Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Google Slides) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-29]
CHR Extension: (Google Docs) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-29]
CHR Extension: (Google Drive) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Adblock Plus) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Google Sheets) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-05]
CHR Extension: (Google Docs Offline) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (ROBLOX+) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Gmail) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5660512 2016-08-16] (INCA Internet Co., Ltd.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-25] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-05-12] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-12-25] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 11:51 - 2017-02-11 11:52 - 00026779 _____ C:\Users\fierc\Desktop\FRST.txt
2017-02-11 11:49 - 2017-02-11 11:51 - 00000000 ____D C:\FRST
2017-02-11 11:47 - 2017-02-11 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-11 11:44 - 2017-02-11 11:44 - 00000000 ___HD C:\OneDriveTemp
2017-02-11 11:40 - 2017-02-11 11:40 - 01763328 _____ (Farbar) C:\Users\fierc\Desktop\FRST.exe
2017-02-11 11:38 - 2017-02-11 11:49 - 02421248 _____ (Farbar) C:\Users\fierc\Desktop\FRST64.exe
2017-02-07 22:51 - 2017-02-07 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 22:38 - 2017-02-06 22:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-27 14:05 - 2017-01-27 14:05 - 00000000 ____D C:\Users\fierc\AppData\LocalLow\Dodge Roll
2017-01-27 10:06 - 2017-01-27 10:06 - 00000000 ____D C:\Users\fierc\AppData\Local\id Software
2017-01-25 12:42 - 2017-01-25 12:43 - 61608520 _____ C:\Users\fierc\Downloads\Wave Bank.xwb
2017-01-25 11:12 - 2017-01-25 11:12 - 10857614 _____ C:\Users\fierc\Downloads\tModLoader.Windows.v0.9.1.zip
2017-01-25 08:36 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 08:36 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 22:12 - 2017-01-24 22:12 - 00000000 ____D C:\ProgramData\Gyazo
2017-01-24 21:51 - 2017-01-24 21:51 - 00262144 ____N C:\WINDOWS\Minidump\012417-44640-01.dmp
2017-01-24 11:57 - 2017-01-24 11:57 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-24 11:57 - 2017-01-24 11:57 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 11:49 - 2016-10-19 00:49 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-11 11:49 - 2016-09-30 02:45 - 00000000 ____D C:\Users\fierc
2017-02-11 11:49 - 2015-10-21 06:38 - 02435982 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2017-02-11 11:48 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-11 11:48 - 2015-12-25 09:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-11 11:44 - 2015-12-25 09:44 - 00000000 ___RD C:\Users\fierc\OneDrive
2017-02-11 11:42 - 2016-09-30 03:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 11:41 - 2016-07-16 00:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-11 11:33 - 2016-08-25 07:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-10 23:51 - 2016-09-30 02:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-10 20:31 - 2016-07-28 21:46 - 00000000 ____D C:\Users\fierc\Desktop\program
2017-02-10 19:27 - 2016-04-19 19:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 19:25 - 2016-09-30 02:40 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-10 19:19 - 2016-12-17 01:59 - 00000000 ____D C:\Users\fierc\AppData\LocalLow\Mozilla
2017-02-10 18:57 - 2016-01-26 21:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-10 14:18 - 2016-03-25 15:09 - 00000000 ____D C:\Users\fierc\Desktop\TXT Documents
2017-02-10 05:08 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 22:48 - 2015-12-25 16:07 - 00000000 ____D C:\Users\fierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-02-09 17:21 - 2016-06-05 11:40 - 00000000 ____D C:\Users\fierc\Desktop\pics
2017-02-09 16:16 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-09 16:13 - 2016-07-28 21:47 - 00000000 ____D C:\Users\fierc\Desktop\backup
2017-02-08 20:32 - 2015-10-21 06:45 - 00000000 ____D C:\ProgramData\McAfee
2017-02-08 20:31 - 2016-12-16 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-08 20:31 - 2016-02-15 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-08 20:31 - 2016-01-26 21:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-08 10:26 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-08 10:25 - 2016-09-30 03:12 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-02-08 10:25 - 2016-09-30 03:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-02-07 22:52 - 2015-10-21 06:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 14:42 - 2015-10-21 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-07 14:42 - 2015-10-21 06:33 - 00000000 ____D C:\Program Files\Dell
2017-02-04 12:04 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-01 18:34 - 2015-12-29 03:08 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 18:34 - 2015-12-29 03:08 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-27 10:04 - 2015-10-21 06:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-25 10:40 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 21:51 - 2016-10-06 14:27 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-22 06:36 - 2015-12-25 09:39 - 00000000 ____D C:\Users\fierc\AppData\Local\Packages
2017-01-19 05:36 - 2016-12-13 01:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 05:36 - 2015-12-25 09:44 - 00002369 _____ C:\Users\fierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 00:49 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-17 06:15 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 06:13 - 2015-10-21 06:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-17 06:05 - 2016-01-26 21:40 - 00000000 ____D C:\Program Files\McAfee
2017-01-13 04:04 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2016-09-30 02:41 - 2016-09-30 02:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-25 19:22 - 2015-10-26 19:22 - 0000032 ____R () C:\ProgramData\hash.dat
2015-10-21 06:32 - 2015-10-21 06:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-10-21 06:27 - 2015-10-21 06:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-10-21 06:31 - 2015-10-21 06:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-10-21 06:28 - 2015-10-21 06:31 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
2016-10-19 11:22 - 2016-10-19 11:22 - 0737856 _____ (Oracle Corporation) C:\Users\fierc\AppData\Local\Temp\jre-8u111-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 09:33

==================== End of FRST.txt ============================

 

Addition.txt

Link to post
Share on other sites
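The FRST driver lines in the log above follow a fixed layout (`R3 name; path [size date] (company)`, or `[X]` when FRST cannot find the file), and the two entries the helper later put in fixlist.txt are exactly the `[X]` ones. As an added example, not part of FRST or anything posted in this thread, here is a small parser for that layout that flags the entries a responder would review first; the sample lines are constructed to mirror the log, and treating an empty company field as "review" is an assumption (a weak signal, not a verdict).

```python
"""Triage the Drivers/Services section of a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not FRST or Malwarebytes code.
It assumes the line layout seen in the log above:
    <state><start> <name>; <image path> [<size> <date>] (<company>)
and, when FRST could not find the image file on disk:
    <state><start> <name>; <image path> [X]
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in FRST format, modelled on the log above (not the full log).
SAMPLE_DRIVER_LINES = r"""
==================== Drivers (Whitelisted) ====================
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek              )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
"""

LINE_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+"   # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);\s+"                 # service/driver name, terminated by ';'
    r"(?P<path>.+?)\s+"                    # image path (lazy: stops at the first bracket)
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)"
    r"|\[X\])\s*$"                         # ... or FRST's [X] = file not found on disk
)


@dataclass
class DriverEntry:
    raw: str
    state: str
    start: int
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]   # None when the file is missing, "" when it has no metadata
    file_missing: bool

    def review_reasons(self) -> List[str]:
        """Why a responder should look at this entry; empty list means nothing stands out."""
        reasons: List[str] = []
        if self.file_missing:
            reasons.append("image file not found on disk ([X]); orphaned service entry")
        elif self.company == "":
            # Assumption: missing publisher metadata is worth a look, not proof of anything.
            reasons.append("no company/publisher metadata in the file")
        return reasons


def parse_frst_drivers(text: str) -> List[DriverEntry]:
    """Parse every driver/service line; headers, notes and blank lines are skipped."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        missing = m.group("size") is None
        entries.append(DriverEntry(
            raw=line.rstrip(),
            state=m.group("state"),
            start=int(m.group("start")),
            name=m.group("name").strip(),
            path=m.group("path"),
            size=None if missing else int(m.group("size")),
            date=m.group("date"),
            company=None if missing else m.group("company").strip(),
            file_missing=missing,
        ))
    return entries


def review_candidates(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for entries that have at least one reason."""
    return {e.name: e.review_reasons() for e in entries if e.review_reasons()}


def fixlist_lines(entries: List[DriverEntry]) -> List[str]:
    """Orphaned ([X]) entries in the raw form FRST takes in fixlist.txt, as the thread's fixlist did."""
    return [e.raw for e in entries if e.file_missing]


if __name__ == "__main__":
    parsed = parse_frst_drivers(SAMPLE_DRIVER_LINES)
    for name, why in review_candidates(parsed).items():
        print(f"{name}: {'; '.join(why)}")
    print("fixlist.txt candidates:", *fixlist_lines(parsed), sep="\n  ")
```

Run it against a saved FRST.txt by replacing `SAMPLE_DRIVER_LINES` with the file contents; the `[X]` entries come out in the exact form FRST accepts back in a fixlist, which is how `dbx` and `ibtsiva` were removed in the Fixlog further down.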

Thanks for those logs, continue as follows:

Disable WinPatrol:

- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
- Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program

WinPatrol should now be disabled and will not start at bootup.

Next,

Zip up and attach the following Folder C:\WINDOWS\Minidump

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Emsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Let me see those logs in your reply... Also tell me if there are any remaining issues or concerns....

Thank you,

Kevin....

fixlist.txt

Link to post
Share on other sites

Thanks again, Kevin. After some difficulty I was able to complete every scan, with usually multiple reboots in between each due to the browser problem; on one occasion, rebooting hung, and a hard reset was required. Below should be every log along with the minidumps.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-02-2017 01
Ran by fierc (11-02-2017 13:39:49) Run:1
Running from C:\Users\fierc\Desktop
Loaded Profiles: fierc (Available Profiles: fierc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR Extension: (Chrome Media Router) - C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] 
S3 dbx; system32\DRIVERS\dbx.sys [X] 
C:\ProgramData\hash.dat 
Task: {B36E4281-9284-407F-A24C-74DF0A5329BE} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe  <==== ATTENTION
CMD: ipconfig /flushDNS
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\fierc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\ProgramData\hash.dat => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B36E4281-9284-407F-A24C-74DF0A5329BE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B36E4281-9284-407F-A24C-74DF0A5329BE} => key removed successfully
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => key removed successfully

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84131552 B
Java, Flash, Steam htmlcache => 778566938 B
Windows/system/drivers => 45694834 B
Edge => 8470320 B
Chrome => 819704676 B
Firefox => 373558721 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 121394 B
NetworkService => 5442 B
fierc => 2035483198 B

RecycleBin => 2394 B
EmptyTemp: => 3.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:46:38 ====

 

Emsisoft Emergency Kit - Version 12.0
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
2/11/2017 3:38:59 PM    Malware    79683    0    0:08:11    Manual scan    DESKTOP-487QCLP    

 

# AdwCleaner v6.043 - Logfile created 11/02/2017 at 15:56:56
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : fierc - DESKTOP-487QCLP
# Running from : C:\Users\fierc\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\b71d0793-e4d7-450d-87f9-d388cd2205fb
[-] Folder deleted: C:\ProgramData\fd5a9ee9-2c23-483c-9ea2-618b0f8f6889


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [897 Bytes] - [11/02/2017 15:56:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [1250 Bytes] - [11/02/2017 15:53:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1042 Bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by fierc (Administrator) on Sat 02/11/2017 at 16:16:46.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2 

Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)

Deleted the following from C:\Users\fierc\AppData\Roaming\Mozilla\Firefox\Profiles\n9s0wpk4.default\prefs.js
user_pref(browser.search.defaultenginename.US, Secure Search);
user_pref(browser.search.order.1, Secure Search);
user_pref(browser.search.selectedEngine, Secure Search);

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFF3C658-E77E-462A-B5A5-AA470B6AE086} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/11/2017 at 16:21:00.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Minidump.zip

Link to post
Share on other sites
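The three `user_pref(...)` lines JRT removed from prefs.js above are the classic footprint of a search-engine hijack: the default, selected and first-ordered engine all rewritten to the same unknown name. As an added example (not JRT's code or anything from this thread), here is a small prefs.js checker that parses the standard `user_pref("name", value);` syntax and reports search-related keys pointing at an engine the user did not choose. The sample file is constructed to mirror the JRT log, and the allowlist of expected engines is an assumption to adjust per machine.

```python
"""Spot search-engine hijack entries in a Firefox prefs.js.

Added example for this thread; not JRT's or Mozilla's code. It assumes the
standard prefs.js syntax  user_pref("<name>", <value>);  where <value> is a
quoted string, true/false, or an integer, and an allowlist of engine names
the user is known to have chosen (assumed; edit EXPECTED_ENGINES to taste).
"""
import re
from typing import Dict, List, Tuple, Union

Value = Union[str, bool, int]

PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<raw>.+?)\);\s*$')

# Search-related keys a hijacker rewrites; the JRT log above removed three of them.
SEARCH_KEY_PREFIXES = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.",
)

# Assumed allowlist of engines the user actually chose.
EXPECTED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Yahoo", "Wikipedia (en)"}

# Constructed sample prefs.js, modelled on the JRT log above (not the user's real file).
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences (constructed sample)
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1486800000);
user_pref("browser.search.defaultenginename.US", "Secure Search");
user_pref("browser.search.order.1", "Secure Search");
user_pref("browser.search.order.2", "Google");
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("privacy.donottrackheader.enabled", true);
'''


def _decode(raw: str) -> Value:
    """Turn the textual pref value into str / bool / int (unknown forms stay as text)."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> Dict[str, Value]:
    """Parse every user_pref line, preserving file order; comments and junk are skipped."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = _decode(m.group("raw").strip())
    return prefs


def find_search_hijacks(prefs: Dict[str, Value],
                        expected: set = EXPECTED_ENGINES) -> List[Tuple[str, str]]:
    """Search-engine prefs whose value is not an engine from the allowlist, in file order."""
    hits: List[Tuple[str, str]] = []
    for key, value in prefs.items():
        if key.startswith(SEARCH_KEY_PREFIXES) and isinstance(value, str) and value not in expected:
            hits.append((key, value))
    return hits


if __name__ == "__main__":
    for key, value in find_search_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"suspicious: {key} = {value!r}")
```

To run it on a live profile, read `%APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js` with Firefox closed (it rewrites the file on exit) and pass the contents to `parse_prefs`; anything reported is what JRT-style cleanup would remove, and the fix is to delete those lines or reset the search engine from Firefox's own settings.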

Yes, I am currently running HWMonitor. The laptop doesn't show any obvious signs of overheating when the problem occurs (not hot to the touch, no severe freezing, etc.), and usually runs at around 40-50 C regardless of conditions. HWMonitor is reading at 45 C; the laptop has occasionally overheated in the past while idling with no immediately noticeable cause, however.

While all browsers refuse to load webpages during the problem, other miscellaneous browsers (i.e. Steam's built-in site browser) seem to work just fine. I haven't done much testing on other programs and their viability.

Link to post
Share on other sites

The minidump folder only held two files, the most current being 25th Jan 2017, the other was mid 2016. The current did not attribute the crash to a driver, it indicated the crash was possibly a hardware issue related to overheating...

You mention the temps being at 40-50 *C is that reading a specific reading eg CPU or HDD, or is it a general temp reading..

Link to post
Share on other sites

I think it's safe to say those temps are all ok... Run the following scan..

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply
Link to post
Share on other sites

Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, accept UAC..

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes Checkmark (tick) the following [File] entries, ensure that all other entries are not Checkmarked

[Hj.Shortcut][File] C:\Users\fierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MoveGames\DMO_GSP\GameKing.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://dmo.gameking.com -> Found
[Tr.Gen0][File] C:\Users\fierc\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\fierc\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\fierc\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\fierc\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\fierc\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found


Hit the Delete button, when complete select "Open Report" in the next window select "Export txt" the log will open. Save to your Desktop for reference, also attach to next reply.
 
Any improvement...?
Link to post
Share on other sites

Thank you for log and update, one more scan...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Link to post
Share on other sites

Sophos managed to find one infection, however the file in question seemed to be quite old and it would be rather bizarre if it turned out to be the cause. Regardless, I removed it, and have copied the log:

 

2017-02-12 02:07:50.208    Sophos Virus Removal Tool version 2.5.6
2017-02-12 02:07:50.208    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-02-12 02:07:50.208    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-12 02:07:50.208    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-02-12 02:07:50.209    Checking for updates...
2017-02-12 02:07:50.372    Update progress: proxy server not available
2017-02-12 02:08:11.532    Option all = no
2017-02-12 02:08:11.532    Option recurse = yes
2017-02-12 02:08:11.533    Option archive = no
2017-02-12 02:08:11.533    Option service = yes
2017-02-12 02:08:11.533    Option confirm = yes
2017-02-12 02:08:11.533    Option sxl = yes
2017-02-12 02:08:11.535    Option max-data-age = 35
2017-02-12 02:08:11.535    Option vdl-logging = yes
2017-02-12 02:08:11.543    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-02-12 02:08:11.544    Machine ID:    7c290e6011894c1f8f94dc470fe2bdd7
2017-02-12 02:08:11.545    Component SVRTcli.exe version 2.5.6
2017-02-12 02:08:11.545    Component control.dll version 2.5.6
2017-02-12 02:08:11.546    Component SVRTservice.exe version 2.5.6
2017-02-12 02:08:11.546    Component engine\osdp.dll version 1.44.1.2280
2017-02-12 02:08:11.546    Component engine\veex.dll version 3.68.0.2280
2017-02-12 02:08:11.546    Component engine\savi.dll version 9.0.7.2280
2017-02-12 02:08:11.547    Component rkdisk.dll version 1.5.31.1
2017-02-12 02:08:11.547    Version info:    Product version    2.5.6
2017-02-12 02:08:11.548    Version info:    Detection engine    3.68.0
2017-02-12 02:08:11.548    Version info:    Detection data    5.36
2017-02-12 02:08:11.548    Version info:    Build date    2/7/2017
2017-02-12 02:08:11.548    Version info:    Data files added    148
2017-02-12 02:08:11.548    Version info:    Last successful update    (not yet updated)
2017-02-12 02:08:12.569    Downloading updates...
2017-02-12 02:08:12.572    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-02-12 02:08:12.572    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-12 02:08:12.573    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-12 02:08:12.573    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-02-12 02:08:12.573    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-02-12 02:08:12.573    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-02-12 02:08:12.573    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-02-12 02:08:12.573    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-02-12 02:08:12.573    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-02-12 02:08:12.573    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-02-12 02:08:12.573    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-02-12 02:08:12.573    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-02-12 02:08:12.573    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-12 02:08:12.960    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-02-12 02:08:12.960    Update progress: [I19463] Product download size 158884372 bytes
2017-02-12 02:08:32.501    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-02-12 02:08:32.502    Update progress: [I19463] Product download size 2537599 bytes
2017-02-12 02:08:32.982    Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-02-12 02:08:32.982    Update progress: [I19463] Product download size 343929 bytes
2017-02-12 02:08:33.062    Installing updates...
2017-02-12 02:08:33.885    Error level 1
2017-02-12 02:08:48.865    Update successful
2017-02-12 02:09:08.655    Option all = no
2017-02-12 02:09:08.656    Option recurse = yes
2017-02-12 02:09:08.656    Option archive = no
2017-02-12 02:09:08.656    Option service = yes
2017-02-12 02:09:08.656    Option confirm = yes
2017-02-12 02:09:08.656    Option sxl = yes
2017-02-12 02:09:08.658    Option max-data-age = 35
2017-02-12 02:09:08.658    Option vdl-logging = yes
2017-02-12 02:09:08.665    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-02-12 02:09:08.665    Machine ID:    7c290e6011894c1f8f94dc470fe2bdd7
2017-02-12 02:09:08.667    Component SVRTcli.exe version 2.5.6
2017-02-12 02:09:08.667    Component control.dll version 2.5.6
2017-02-12 02:09:08.667    Component SVRTservice.exe version 2.5.6
2017-02-12 02:09:08.667    Component engine\osdp.dll version 1.44.1.2280
2017-02-12 02:09:08.668    Component engine\veex.dll version 3.68.0.2280
2017-02-12 02:09:08.668    Component engine\savi.dll version 9.0.7.2280
2017-02-12 02:09:08.669    Component rkdisk.dll version 1.5.31.1
2017-02-12 02:09:08.669    Version info:    Product version    2.5.6
2017-02-12 02:09:08.669    Version info:    Detection engine    3.68.0
2017-02-12 02:09:08.669    Version info:    Detection data    5.36
2017-02-12 02:09:08.669    Version info:    Build date    2/7/2017
2017-02-12 02:09:08.669    Version info:    Data files added    148
2017-02-12 02:09:08.669    Version info:    Last successful update    2/11/2017 8:08:48 PM

2017-02-12 02:32:08.242    Could not open C:\hiberfil.sys
2017-02-12 02:32:17.040    Could not open C:\pagefile.sys
2017-02-12 02:53:55.232    Could not open C:\swapfile.sys
2017-02-12 02:53:55.679    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-12 02:53:55.679    Could not open C:\System Volume Information\{699fbfcd-f081-11e6-9c13-780cb85382fb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-12 02:53:55.679    Could not open C:\System Volume Information\{c116385b-e961-11e6-9c0e-780cb85382fb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-12 02:53:55.679    Could not open C:\System Volume Information\{e729fd4c-f0a6-11e6-9c17-780cb85382fb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-12 02:53:55.679    Could not open C:\System Volume Information\{e72a0329-f0a6-11e6-9c17-780cb85382fb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-12 03:00:09.437    >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\fierc\Desktop\program\IGG-Rabi-Ribi\steam_api.dll
2017-02-12 03:08:00.363    Could not open C:\Windows\System32\config\BBI
2017-02-12 03:08:00.586    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-02-12 03:08:00.602    Could not open C:\Windows\System32\config\RegBack\SAM
2017-02-12 03:08:00.602    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-02-12 03:08:00.617    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-02-12 03:08:00.633    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-02-12 03:18:15.888    Could not open C:\Windows\Temp\mcafee_hzNf5sp1oUMDixs
2017-02-12 03:28:20.367    Could not open LOGICAL:0003:00000000
2017-02-12 03:28:20.368    Could not open D:\
2017-02-12 03:28:20.472    The following items will be cleaned up:
2017-02-12 03:28:20.472    Mal/VMProtBad-A

Link to post
Share on other sites

Yes - unfortunately, the problem has happened since the last scan. However, I did find two new interesting things:

1. The problem does seem to be started by web browsing, but it actually isn't limited to that once it starts. Some programs (HWMonitor, McAfee) refused to open at all during the problem, while other basic windows applications I tested (Calculator, Notepad) seemed to have no problems working.

2. The problem does not require a restart like I originally thought and will disappear if left alone for long enough. Afterwards, all programs I had queued up to open, like HWMonitor and McAfee, do so at once.

Link to post
Share on other sites

Firefox is your default browser, is that the one that causes the problem...? If so, try a "Clean" install of Firefox:


Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later...

Next,

Let's totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the Firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open, press these keys together: Ctrl + Shift + A. That opens the Add-ons Manager, which lets you find add-ons/extensions and use, start, stop or disable them, etc.

Use search to find and install Adblock Plus, Flashblock and Dr.Web Anti-Virus Link Checker, plus any other add-ons you normally use. Now try surfing and see what happens.

Yes definitely worth making clean installs, you`ve got instructions for Firefox, instructions for Chrome follow:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Remove all synced data from Chrome. Go here: https://support.google.com/chrome/answer/6386691?hl=en-GB and follow those instructions. It is essential that any/all synced data is removed when the browser has been hijacked or exploited in any way.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\AppData\Local and from that folder delete the folder named Google (you will need to show hidden files/folders to see the AppData folder).

For XP that will be My Computer > C:\Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome:

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install Dr.Web Anti-Virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help....?
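The two clean-install procedures above (Firefox and Chrome) both end with deleting the profile folders under %APPDATA%\Mozilla and %LOCALAPPDATA%\Google. As an added example that is not part of this thread, the PowerShell script below first writes an inventory of the extensions installed in every Firefox and Chrome profile, so there is a record of anything unwanted before that evidence is wiped, and then removes those folders. It assumes the default profile locations named in the posts, that both browsers are closed, and that it runs as the affected user; it only deletes when invoked with -Remove (otherwise -WhatIf just shows what would go), and the report path on the Desktop is an assumption too.

```powershell
# Added example (not from the thread): inventory browser extensions, then
# remove the profile folders the two posts above tell you to delete.
# Assumes the default Firefox/Chrome locations quoted in the posts and that
# both browsers are closed. Pass -Remove to actually delete anything.
param(
    [switch]$Remove,
    [string]$Report = (Join-Path $env:USERPROFILE 'Desktop\browser-extensions.txt')
)

$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$chromeRoot = Join-Path $env:LOCALAPPDATA 'Google'
$chromeUser = Join-Path $chromeRoot 'Chrome\User Data'

$lines = @()

# Firefox keeps its add-on list in extensions.json inside each profile.
foreach ($p in Get-ChildItem -Path $ffProfiles -Directory -ErrorAction SilentlyContinue) {
    $json = Join-Path $p.FullName 'extensions.json'
    if (-not (Test-Path $json)) { continue }
    $addons = (Get-Content -Path $json -Raw | ConvertFrom-Json).addons
    foreach ($a in $addons) {
        $lines += "Firefox`t$($p.Name)`t$($a.id)`t$($a.defaultLocale.name)`t$($a.version)"
    }
}

# Chrome stores each extension under Extensions\<id>\<version>\manifest.json.
# A name of the form __MSG_xxx__ is a localisation key, not the display name;
# the folder id is the stable identifier either way.
foreach ($prof in (Get-ChildItem -Path $chromeUser -Directory -ErrorAction SilentlyContinue |
                   Where-Object { Test-Path (Join-Path $_.FullName 'Extensions') })) {
    $extDir = Join-Path $prof.FullName 'Extensions'
    foreach ($id in Get-ChildItem -Path $extDir -Directory) {
        $manifest = Get-ChildItem -Path $id.FullName -Filter manifest.json -Recurse -File |
                    Select-Object -First 1
        if (-not $manifest) { continue }
        $m = Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json
        $lines += "Chrome`t$($prof.Name)`t$($id.Name)`t$($m.name)`t$($m.version)"
    }
}

"Browser`tProfile`tId`tName`tVersion" | Set-Content -Path $Report -Encoding UTF8
$lines | Add-Content -Path $Report -Encoding UTF8
$lines | ForEach-Object { Write-Output $_ }
Write-Output "Inventory written to $Report"

# Delete the profile data only when explicitly asked; otherwise -WhatIf
# prints what would be removed so you can check the inventory first.
foreach ($target in @((Join-Path $env:APPDATA 'Mozilla'), $chromeRoot)) {
    if (Test-Path $target) {
        Remove-Item -Path $target -Recurse -Force -WhatIf:(-not $Remove)
    }
}
```

Run it once without -Remove, read browser-extensions.txt (an extension id you never installed is worth noting in the thread before it is gone), then run it again with -Remove and continue with the reinstall steps above.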

Thanks for the update, run the following...

Press the Windows key and X key together. From the menu that appears, select:

Command Prompt (Admin)

Accept UAC alert...

At the Command prompt, type

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:
 
  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, (expand the drop down arrow) check only Wininit and click OK.
  • You may be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Next,

Press the Windows key and X key together. From the menu that appears, select:

Command Prompt (Admin)

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

Post those logs, also tell me if there is any improvement...?

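The log-collection steps above (the Wininit event for CHKDSK, and CBS.log copied and zipped for SFC) can be done in one go from an elevated PowerShell window instead of clicking through Event Viewer. The script below is an added example and not from the thread; it assumes the default log locations, writes its output files to the Desktop, and its keyword check on the [SR] lines is a rough heuristic for spotting repairs, not SFC's own verdict.

```powershell
# Added example (not from the thread): collect the two logs the post above
# asks for. Run from an elevated PowerShell after the CHKDSK reboot and the
# SFC /SCANNOW have completed. Assumes default log locations; files go to
# the Desktop.
$desktop = Join-Path $env:USERPROFILE 'Desktop'

# 1. CHKDSK's result is written by Wininit as Application event 1001
#    (the source and ID the Event Viewer filter in the post selects).
#    Take the newest such event.
$chk = Get-WinEvent -FilterHashtable @{
          LogName      = 'Application'
          ProviderName = 'Microsoft-Windows-Wininit'
          Id           = 1001
       } -MaxEvents 1 -ErrorAction SilentlyContinue
if ($chk) {
    $chk.Message | Set-Content -Path (Join-Path $desktop 'chkdsk-result.txt')
    # A clean run says "found no problems"; anything else means repairs or
    # errors were reported, so read the saved text before posting it.
    if ($chk.Message -match 'found no problems') {
        Write-Output "CHKDSK ($($chk.TimeCreated)): no problems found"
    } else {
        Write-Output "CHKDSK ($($chk.TimeCreated)): see chkdsk-result.txt for repairs/errors"
    }
} else {
    Write-Output 'No Wininit 1001 event found; did the scheduled CHKDSK run at boot?'
}

# 2. SFC logs to CBS.log, which is held open by the servicing stack, hence
#    the copy-then-zip the post asks for. SFC tags its own lines with [SR];
#    pulling the last few of those gives the verdict without the whole file.
$cbs  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$copy = Join-Path $desktop 'CBS.log'
Copy-Item -Path $cbs -Destination $copy -Force
Compress-Archive -Path $copy -DestinationPath (Join-Path $desktop 'CBS.zip') -Force

$sr = Select-String -Path $copy -Pattern '\[SR\]' | Select-Object -Last 40
$sr | ForEach-Object { $_.Line } | Set-Content -Path (Join-Path $desktop 'sfc-summary.txt')
# Heuristic only: SFC's repair lines mention corruption; a clean run does not.
$bad = $sr | Where-Object { $_.Line -match 'Cannot repair|corrupt' }
if ($bad) {
    Write-Output "SFC: $($bad.Count) [SR] line(s) mention corruption; see sfc-summary.txt"
} else {
    Write-Output 'SFC: no [SR] lines mention corruption in the tail of CBS.log'
}
```

Attach CBS.zip and paste chkdsk-result.txt into the reply, exactly as the post asks; sfc-summary.txt is just the short version for a quick read.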

Chkdsk ran overnight and SFC this morning; logs below. No error messages from SFC.

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          2/17/2017 7:54:43 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-487QCLP
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  514304 file records processed.                                                        
File verification completed.
  12634 large file records processed.                                  
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
  607950 index entries processed.                                                      
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered to lost and found.                    

Stage 3: Examining security descriptors ...
Cleaning up 2951 unused index entries from index $SII of file 0x9.
Cleaning up 2951 unused index entries from index $SDH of file 0x9.
Cleaning up 2951 unused security descriptors.
Security descriptor verification completed.
  46824 data files processed.                                          
CHKDSK is verifying Usn Journal...
  34336336 USN bytes processed.                                                          
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  514288 files processed.                                                              
File data verification completed.

Stage 5: Looking for bad, free clusters ...
  417266656 free clusters processed.                                                      
Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

1939569663 KB total disk space.
 269633688 KB in 331480 files.
    191068 KB in 46825 indexes.
         0 KB in bad sectors.
    678279 KB in use by the system.
     65536 KB occupied by the log file.
1669066628 KB available on disk.

      4096 bytes in each allocation unit.
 484892415 total allocation units on disk.
 417266657 allocation units available on disk.

Internal Info:
00 d9 07 00 55 c5 05 00 20 5f 0a 00 00 00 00 00  ....U... _......
fa 04 00 00 6e 00 00 00 00 00 00 00 00 00 00 00  ....n...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-02-17T13:54:43.905535500Z" />
    <EventRecordID>44373</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-487QCLP</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

</Data>
  </EventData>
</Event>

CBS.zip

Edited by TheOneAndOnlyBatman

This topic is now closed to further replies.