Fake Google chrome processes

Bradison (thread author)
Nov 1, 2014
I just ran my FRST scan while in safe mode. I don't know if that will affect the outcome of the log or going forward. I've had this problem for a few days and haven't been able to stop and just post about it. Thank you very much in advance for assistance.

1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Code:
Start
Task: {0FDA5F40-B365-44B0-9BF0-523E99CD40D5} - \VisualBeeRecovery No Task File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3191391572-4259762684-2448715301-1000\...\Run: [rygfuzmz] => regsvr32.exe /s "C:\Users\Brando PC\AppData\Local\CDWLauncher\rygfuzmz.dll" <===== ATTENTION
C:\Users\Brando PC\AppData\Local\CDWLauncher
SearchScopes: HKLM-x32 - DefaultScope {542DE653-83C0-48A3-BC79-66EF09E917BD} URL =
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=0f21g1IJsu00gg&q=
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3287802&SearchSource=48&CUI=UN42288946091021215&UM=2"
CHR Plugin: (Native Client) - C:\Users\Brando PC\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 X6va006; \??\C:\Users\BRANDO~1\AppData\Local\Temp\006AB74.tmp [X]
EmptyTemp:
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
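As an added example that is not part of this thread and not an FRST feature, the PowerShell script below re-checks, after the fix has run, the persistence items the fixlist targeted (the Run value that loaded the DLL through regsvr32, the DLL and its folder, and the orphaned VisualBeeRecovery task) and then lists every chrome.exe process with its image path, flagging any that runs from outside Chrome's usual install folders, which is the quickest way to spot a look-alike "Chrome" process. The SID, value name, DLL path and task name come from the fixlist above; the expected Chrome directories are an assumption for a default install, and the script needs PowerShell 3 or later, run from an elevated prompt as the affected user so that the HKU hive is loaded.

```powershell
# Added post-fix verification script; not part of this thread's fix and not an FRST feature.
# It re-checks the persistence items the fixlist targeted and lists every chrome.exe
# process with its image path, so a look-alike "chrome.exe" running from an unexpected
# folder stands out. Run from an elevated PowerShell (3+) prompt as the affected user.

# Values taken from the fixlist in this thread.
$Sid      = 'S-1-5-21-3191391572-4259762684-2448715301-1000'
$RunKey   = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Windows\CurrentVersion\Run"
$RunValue = 'rygfuzmz'
$DllPath  = 'C:\Users\Brando PC\AppData\Local\CDWLauncher\rygfuzmz.dll'
$TaskName = 'VisualBeeRecovery'

# Assumption: Chrome lives in one of its default locations; adjust if yours differs.
$ExpectedChromeDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:LOCALAPPDATA\Google\Chrome\Application"
)

$findings = @()

# 1. The Run value that loaded the DLL via "regsvr32.exe /s".
#    HKU\<SID> is only loaded while that user is logged on, hence "run as that user".
$runProps = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
if ($runProps -and $runProps.PSObject.Properties[$RunValue]) {
    $findings += "Run value still present: $RunValue = $($runProps.$RunValue)"
}

# 2. The DLL and the folder it lived in.
if (Test-Path -LiteralPath $DllPath) {
    $findings += "DLL still on disk: $DllPath"
}
if (Test-Path -LiteralPath (Split-Path -Parent $DllPath)) {
    $findings += "Folder still present: $(Split-Path -Parent $DllPath)"
}

# 3. The orphaned scheduled task (FRST listed it with no task file).
#    schtasks.exe is used instead of Get-ScheduledTask so this also works on Windows 7.
$null = schtasks.exe /Query /TN $TaskName 2>&1
if ($LASTEXITCODE -eq 0) {
    $findings += "Scheduled task still registered: \$TaskName"
}

# 4. Every chrome.exe process: PID, parent PID and image path, flagged when the
#    image is outside the expected Chrome directories.
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'chrome.exe'" | ForEach-Object {
    $exe   = if ($_.ExecutablePath) { $_.ExecutablePath } else { '<no path (access denied?)>' }
    $dir   = if ($_.ExecutablePath) { Split-Path -Parent $_.ExecutablePath } else { '' }
    $known = $ExpectedChromeDirs | Where-Object { $dir -and $dir -like "$_*" }
    $flag  = if ($known) { 'OK  ' } else { 'WARN' }
    '{0} PID {1,-6} parent {2,-6} {3}' -f $flag, $_.ProcessId, $_.ParentProcessId, $exe
    if (-not $known) {
        $findings += "chrome.exe running from an unexpected location: $exe"
    }
}

# Summary: anything listed here is worth putting in the next reply.
if ($findings.Count -eq 0) {
    'No leftovers from the fixlist found; all chrome.exe processes run from expected locations.'
} else {
    'Leftovers / anomalies:'
    $findings | ForEach-Object { " - $_" }
}
```

A process that has no ExecutablePath usually means the query lacked rights to read it rather than a hidden binary; re-run elevated before drawing conclusions. Chrome normally spawns many chrome.exe children of one parent chrome.exe, all from the same Application folder, so a lone "chrome.exe" whose parent is explorer.exe and whose image sits under a user profile is the pattern the WARN flag is meant to surface.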
 
Here is my fixlog. I have been monitoring my processes and haven't seen anything thus far. Thanks so much for your help.
 


C:\Users\Brando PC\AppData\Local\CDWLauncher\rygfuzmz.dll -> malware is gone :)

Is everything ok now?
 
Yes, it looks good. I have exited chrome a few times and didn't notice any processes that stayed open afterwards. Thanks so much for your help. Anything I need to do now?
 
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below:
[x] Remove disinfection tools
[x] Create registry backup
[x] Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



Greetings!