December 16th, 2019, 06:26 PM
sportsfan7702
Senior Member
 
Join Date: Sep 2008
Posts: 306
Doing my yearly check for malware

I really should do this twice a year, but in the last 3 months with work I have not had a chance. I'm running FRST and hope everyone has been well.

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270208 2018-11-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3107326716-814032089-3740455390-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3107326716-814032089-3740455390-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162019105904865\...\RunOnce: [Application Restart #0] => C:\Program Files\Mozilla Firefox\firefox.exe [566984 2019-12-05] (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-3107326716-814032089-3740455390-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162019105904865\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3107326716-814032089-3740455390-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162019105907102\...\RunOnce: [Application Restart #0] => C:\Program Files\Mozilla Firefox\firefox.exe [566984 2019-12-05] (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-3107326716-814032089-3740455390-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12162019105907102\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FB111B2-4601-4545-8FA8-70CD9F810B29} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {48211D53-740F-4C4F-8F6C-3E39617E98D2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {8EFF3ADE-B677-490B-A0A6-A64F40DE12FD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-10] (Adobe Inc. -> Adobe)
Task: {C9AEBBAE-CDD4-497D-8700-2607B72A139B} - System32\Tasks\Opera scheduled Autoupdate 1574190292 => C:\Users\MattS\AppData\Local\Programs\Opera\launcher.exe [1528344 2019-12-12] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d09ea5d8-05ca-4dce-a6a2-7912228ab1f1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d7fd4481-caf7-4e4b-801a-8d29c88b4e10}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

Edge:
======
DownloadDir: C:\Users\MattS\Downloads
Edge Notifications: HKU\S-1-5-21-3107326716-814032089-3740455390-1001 -> hxxps://www.eroprofile.com

FireFox:
========
FF DefaultProfile: y5zdsbob.default
FF ProfilePath: C:\Users\MattS\AppData\Roaming\Mozilla\Firefox\Profiles\y5zdsbob.default [2019-10-18]
FF ProfilePath: C:\Users\MattS\AppData\Roaming\Mozilla\Firefox\Profiles\4t6if1oe.default-release [2019-12-16]
FF Extension: (NoSquint Plus) - C:\Users\MattS\AppData\Roaming\Mozilla\Firefox\Profiles\4t6if1oe.default-release\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2019-08-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370560 2018-10-12] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-16] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-11-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)