Trojan.Snifula Activity 9 Detected by SEP


9 replies to this topic

#1 BASystems


Posted 10 May 2017 - 12:00 AM

I am seeing lots of Blocked Messages from Symantec.  Trojan.Snifula Activity 9 Detected.  SEP seems to be blocking inbound and outbound communication for now.

 

I have run Norton Power Eraser.  It did not find anything.

I have run Full System scan with SEP after updating to latest defs, nothing found

I have run Rkill

I have run Malwarebytes full scan and it is clean

I have run HitmanPro - It found and deleted cookies, but nothing else was found.

 

I am still getting popups from SEP and now Malwarebytes about the blocked traffic.

 

Please help.





#2 iMacg3


Posted 10 May 2017 - 11:15 AM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices (Don't change any settings here)
    • List Users, Partitions and Memory size
    • List Restore Points

  3. Paste the log file contents into a post.

 

 

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

Download ESET Online Scanner and save it to your desktop

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”. Save the file to your desktop and paste the contents into a post.

 

Download Rkill from one of the below three links. (Use the one that runs on your PC without being blocked).

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 BASystems


Posted 10 May 2017 - 06:04 PM

Please find attached the log files.  I shut down the computer after first contacting you, and in working with it to do the scans, I have not seen one popup about virus activity.
 
The Eset scan found nothing so there is no log file attached.

 

MTS:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by PCodell (administrator) on 10-05-2017 at 16:26:24
Running from "C:\Users\PCodell\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: Latitude E5530 non-vPro Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
Dell Wireless 1504 802.11b/g/n (2.4GHz) = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set subinterface interface=?+$ subinterface=ethernet_9 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : JN20YW1-SSD
   Primary Dns Suffix  . . . . . . . : codell.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : codell.local
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : B8-76-3F-36-31-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 20-16-D8-9C-38-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : codell.local
   Description . . . . . . . . . . . : Dell Wireless 1504 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : B8-76-3F-36-31-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b814:2eaf:5f81:a762%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.141(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 10, 2017 4:12:18 PM
   Lease Expires . . . . . . . . . . : Thursday, May 18, 2017 4:12:23 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.50
   DHCPv6 IAID . . . . . . . . . . . : 213415487
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-F2-33-80-B8-CA-3A-DA-CF-7A
   DNS Servers . . . . . . . . . . . : 192.168.1.50
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : codell.local
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : B8-CA-3A-DA-CF-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e484:addb:d950:5a25%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.121(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 10, 2017 4:12:16 PM
   Lease Expires . . . . . . . . . . : Thursday, May 18, 2017 4:12:16 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.50
   DHCPv6 IAID . . . . . . . . . . . : 196659770
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-F2-33-80-B8-CA-3A-DA-CF-7A
   DNS Servers . . . . . . . . . . . : 192.168.1.50
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.codell.local:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : codell.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A20AAF2A-A536-42FB-9D50-87058B1C8A7B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{0034C108-08F2-46B3-8AB7-449890052DF4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  codellcm.codell.local
Address:  192.168.1.50
 
Name:    google.com
Addresses:  2607:f8b0:4009:803::200e
 172.217.9.78
 172.217.9.78
 172.217.9.78
 
 
Pinging google.com [172.217.9.78] with 32 bytes of data:
Reply from 172.217.9.78: bytes=32 time=18ms TTL=53
Reply from 172.217.9.78: bytes=32 time=18ms TTL=53
 
Ping statistics for 172.217.9.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  codellcm.codell.local
Address:  192.168.1.50
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=94ms TTL=46
Reply from 206.190.36.45: bytes=32 time=80ms TTL=46
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 94ms, Average = 87ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...b8 76 3f 36 31 a8 ......Microsoft Virtual WiFi Miniport Adapter
 14...20 16 d8 9c 38 77 ......Bluetooth Device (Personal Area Network)
 12...b8 76 3f 36 31 a8 ......Dell Wireless 1504 802.11b/g/n (2.4GHz)
 11...b8 ca 3a da cf 7a ......Broadcom NetXtreme 57xx Gigabit Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.141     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.121    266
      192.168.1.0    255.255.255.0         On-link     192.168.1.141    281
    192.168.1.121  255.255.255.255         On-link     192.168.1.121    266
    192.168.1.141  255.255.255.255         On-link     192.168.1.141    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.121    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.141    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.121    266
        224.0.0.0        240.0.0.0         On-link     192.168.1.141    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.121    266
  255.255.255.255  255.255.255.255         On-link     192.168.1.141    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 12    281 fe80::/64                On-link
 12    281 fe80::b814:2eaf:5f81:a762/128
                                    On-link
 11    266 fe80::e484:addb:d950:5a25/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/10/2017 04:12:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2017 08:41:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2017 05:42:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2017 08:32:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2017 08:34:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2017 12:18:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: excel.exe, version: 15.0.4919.1000, time stamp: 0x58c7adb5
Faulting module name: ntdll.dll, version: 6.1.7601.23714, time stamp: 0x58bf8715
Exception code: 0xc0000005
Fault offset: 0x0004eb83
Faulting process id: 0x1408
Faulting application start time: 0xexcel.exe0
Faulting application path: excel.exe1
Faulting module path: excel.exe2
Report Id: excel.exe3
 
Error: (05/04/2017 08:17:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2017 08:02:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2017 07:50:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2017 10:44:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/10/2017 04:13:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/10/2017 12:45:44 AM) (Source: Service Control Manager) (User: )
Description: The Advanced Monitoring Agent Web Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.
 
Error: (05/09/2017 09:31:51 PM) (Source: Service Control Manager) (User: )
Description: The O2SDIOAssist service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/09/2017 09:31:48 PM) (Source: Service Control Manager) (User: )
Description: The iPF Device Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/09/2017 08:42:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/09/2017 08:08:07 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CODELL due to the following: 
%%1311 = There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (05/09/2017 05:47:26 AM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (05/08/2017 07:16:21 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (05/08/2017 05:44:51 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (05/08/2017 05:43:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (05/10/2017 04:12:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2017 08:41:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2017 05:42:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2017 08:32:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2017 08:34:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2017 12:18:41 PM) (Source: Application Error)(User: )
Description: excel.exe15.0.4919.100058c7adb5ntdll.dll6.1.7601.2371458bf8715c00000050004eb83140801d2c4f087eb1a12C:\Program Files\Microsoft Office 15\root\office15\excel.exeC:\Windows\SysWOW64\ntdll.dll5623be02-30e5-11e7-b21a-2016d89c3877
 
Error: (05/04/2017 08:17:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2017 08:02:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2017 07:50:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2017 10:44:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced Monitoring Agent (HKLM-x32\...\Advanced Monitoring Agent_is1) (Version:  - )
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 32.0.0.905 - LogicNow, Ltd.)
Advanced Monitoring Agent Web Protection (HKLM\...\{2FC06E3D-79B9-4078-91F0-436A3389A2E1}_is1) (Version: 5.0.0.19 - LogicNow, Inc.)
Amazon Drive (HKCU\...\Amazon Drive) (Version: 4.0.10 - Amazon.com, Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{9B34CC4C-E7FF-4AC8-B771-1D09612D6430}) (Version: 15.0.8.5 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.215 - Dell Inc.)
GFI LanGuard 11 Agent (HKLM-x32\...\{A0707C59-4B32-48B8-94ED-73BB68E1C569}) (Version: 11.4.2015.0130 - GFI Software Ltd) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.5.0.6956 (HKCU\...\GoToMeeting) (Version: 8.5.0.6956 - CitrixOnline)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
imagePROGRAF Print Plug-In for Office (HKLM-x32\...\{223F9D22-E787-4AAA-BEB2-F0423117EB19}) (Version: 1.40 - CANON INC.)
imagePROGRAF Status Monitor (HKLM-x32\...\{66392B7C-C522-450D-97B7-B3E41E170C3B}) (Version: 25.10 - Canon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
iPF760 Media Configuration Tool (HKLM-x32\...\{8383358F-AD16-474F-B8CF-FF86D266FED1}) (Version: 3.80.00 - Canon)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Dynamics ERP Management Reporter 2012 Client (HKLM\...\{39C1022C-CBFA-8E1B-0342-2EC2D3185C90}) (Version: 2.12.14001 - Microsoft Corporation)
Microsoft Dynamics SL 2011 FP1 Client (HKLM-x32\...\InstallShield_{7FABEA5B-B654-4A66-8E6D-EE12D6172EE2}) (Version: 8.1 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{530923FF-A970-4952-9D2F-5FF3C874B50A}) (Version: 15.8.8308.920 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4919.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft SharePoint Client Runtime (HKLM\...\{90140000-1013-0409-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
RingCentral Meetings (HKCU\...\RingCentralMeetings) (Version: 3.7 - Zoom Video Communications, Inc. and RingCentral Inc.)
ScreenConnect Client (140d159e83c470bf) (HKLM-x32\...\{D16D85DD-4B93-484A-8945-999099964055}) (Version: 6.2.12963.6312 - ScreenConnect Software)
ScriptRunner 1.8.8.0 (HKLM-x32\...\{0EDCC450-4BFD-475E-8C2B-9FF99DF23846}) (Version: 1.8.8.0 - LogicNow) Hidden
ScriptRunner Bootstrap Installer (HKLM-x32\...\{87bd6275-60e5-48f6-9216-e35fd971c4a1}) (Version: 1.8.8.0 - ScriptRunner) Hidden
Spitfire Extension for Microsoft Dynamics SL (HKLM-x32\...\{4D5D053B-33FD-4A70-92CA-7318744D2623}) (Version: 1.0.0 - Spitfire)
Spitfire Prerequisites (HKLM-x32\...\{51FD244C-C178-4A10-B4CF-76AE268F22E9}) (Version: 4.5 - Spitfire )
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
Symantec Endpoint Protection.cloud (HKLM-x32\...\NIS) (Version: 22.8.0.50 - Symantec Corporation) Hidden
Symantec.cloud - Cloud Agent (HKLM\...\{735EF746-77A8-44E8-821F-4C77F038AA90}) (Version: 3.00.10.2737 - Symantec Corporation) Hidden
Symantec.cloud - Endpoint Protection (HKLM\...\{4C89867B-2E80-4B0D-87DB-1BD643D5EF5D}) (Version: 5.10.11.690 - Symantec Corporation) Hidden
Symantec.cloud (HKLM\...\Symantec Hosted Services ARP) (Version: 3.00.10.2737 - Symantec Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 43%
Total physical RAM: 8096.79 MB
Available physical RAM: 4546.15 MB
Total Virtual: 16191.75 MB
Available Virtual: 12778.01 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:119.14 GB) (Free:59.55 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JN20YW1-SSD
 
Administrator            BA                       Guest                    
 
========================= Restore Points ==================================
 
27-04-2017 19:40:36 Scheduled Checkpoint
05-05-2017 16:16:03 Scheduled Checkpoint
 
**** End of log ****
 
 
Checkup: 
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Symantec Endpoint Protection.cloud   
Malwarebytes                         
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (58.0.3029.96) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Symantec.cloud AntiVirus AVAgent.exe  
 symantec.cloud antivirus ssDVAgent.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log``````````````````````
 
 
Rkill:
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/10/2017 06:37:09 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\system32\cnwiols6.exe (PID: 2448) [WD-HEUR]
 * C:\Windows\SysWOW64\srvany.exe (PID: 5516) [WD-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/10/2017 06:37:24 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64 
Ran by PCodell (Administrator) on Wed 05/10/2017 at 18:37:45.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 208 
 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHH32B1P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMCJA1ZC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ0AC01F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5S20O2K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVGLU2HD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZWA9KLI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJXKFBLL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOSVK3LJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ5AK8H7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRYXQZQC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R298NSGE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK4AUI84 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPXO7NF2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3OOQNJH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU9TXCME (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9L3Z7LE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM93JDHD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSCY00PO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWYUP4QF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYWVJFZD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5B9YU1Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNZQQFNZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0JE05OD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1TGRT8E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEHR1IKC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGT9O3BI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNQ5BFWI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WT7VNGCK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWS36PMV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXSW0FHY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3YDNV7D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XK1YW893 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y810TTEA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEDA7EPH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJ9XESYP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z352G2YQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6EQ1H74 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZERKU2K4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPWB0954 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/10/2017 at 18:40:27.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner:
 
# AdwCleaner v6.046 - Logfile created 10/05/2017 at 18:45:36
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-10.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : PCodell - JN20YW1-SSD
# Running from : C:\Users\PCodell\Desktop\adwcleaner_6.046.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\PCodell\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\PCodell\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1177 Bytes] - [10/05/2017 18:45:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1250 Bytes] ##########
 
 
Looks clean, but I'm wondering if it was only memory resident and the shutdown effectively killed it.
 
Thanks,
 
BA
 

 



#4 iMacg3


Posted 10 May 2017 - 06:35 PM

If there is any more Blocked Traffic, please let me know by posting again in this forum.

Run one more anti-malware scan to check if anything is still remaining. 

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the .EXE file that you downloaded and follow the extracting prompt.

  2. Find the MBAR folder and launch the executable in the folder.

  3. Select the option to Update the virus definitions.

  4. Once done updating, MBAR will scan your computer.

  5. When complete, please click Cleanup to remove the threats. Do NOT click inside the window when MBAR is doing the cleanup process.

  6. When finished, restart the PC.

  7. Post these logs, which are inside the MBAR folder, in a forum post: mbar-log(date) and system-log.txt.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 BASystems


Posted 11 May 2017 - 02:04 PM

Here are the log files. The Scan was clean. No further popups of Trojan blockages.

 

MBAR:

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.05.11.06
  rootkit: v2017.04.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18665
PCodell :: JN20YW1-SSD [administrator]
 
5/11/2017 2:33:39 PM
mbar-log-2017-05-11 (14-33-39).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 292857
Time elapsed: 4 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
System:
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18665
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.890000 GHz
Memory total: 8490094592, free: 5440753664
 
Downloaded database version: v2017.05.11.06
Downloaded database version: v2017.04.02.01
Downloaded database version: v2017.05.11.01
=======================================
------------ Kernel report ------------
     05/11/2017 14:33:33
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.05.11.06
  rootkit: v2017.04.02.01
 
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5056B163
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 249860096
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 128035676160 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.8.0.50\QBackup\index.qbs" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 


#6 iMacg3


Posted 11 May 2017 - 02:28 PM

Is your computer 100% back to normal?


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#7 BASystems


Posted 11 May 2017 - 02:33 PM

I hesitate to say yes.  I have not seen a popup since the reboot, but the fact that I was seeing the blockages by SEP and MalwareBytes makes me think it was not a false positive.  Something was running somewhere!

 

I haven't used the machine except for scanning to get you the log files.

 

Next step is to go about normal usage and stand by?

 

Thanks,

 

BA



#8 iMacg3


Posted 11 May 2017 - 02:40 PM

I just wanted to check if there were any pop-ups.

 

Download Sophos Virus Removal Tool and save it to your desktop.

 

  1. Double-click on the EXE file you downloaded to launch the Installation Wizard.

  2. Follow the Install Wizard prompts to install Sophos.

  3. Once all the virus definitions are done updating, click Start Scanning.

  4. If no threats are found, just close the program. If threats are found, click Details, then View Log File.

  5. Copy and paste the logfile into your reply. Close the threat details screen and then select Start Cleanup.

  6. Click Exit to quit the program.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#9 BASystems


Posted 11 May 2017 - 03:35 PM

The program says "Your Computer is Clean."

 

Thanks,

 

BA



#10 iMacg3


Posted 12 May 2017 - 02:51 PM

Please run Rkill again and post the logfile into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda



