Is there any malware there?


  • This topic is locked
12 replies to this topic

#1 angry@computers

angry@computers

  • Members
  • 88 posts
  • OFFLINE
  • Local time: 06:34 PM

Posted 15 June 2017 - 03:56 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by HAL (administrator) on HAL-PC (15-06-2017 21:54:06)
Running from C:\Users\HAL\Desktop
Loaded Profiles: HAL (Available Profiles: HAL)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-10] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5686A1FF-0D44-4C69-8DC4-3CADA3EFB569}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKLM -> DefaultScope {A603BF68-2E0A-4DE2-8DE0-FA84E5335416} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {A603BF68-2E0A-4DE2-8DE0-FA84E5335416} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {77001979-BE45-4583-9FE4-25D7AEBD2A48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {77001979-BE45-4583-9FE4-25D7AEBD2A48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2882669103-2359843712-3705734191-1000 -> DefaultScope {77001979-BE45-4583-9FE4-25D7AEBD2A48} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-06-12] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-06-12] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-06-12] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-06-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-10] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]
CHR Extension: (Google Drive) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-10]
CHR Extension: (YouTube) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-10]
CHR Extension: (Adblock Plus) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-10]
CHR Extension: (Gmail) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-10]
CHR Profile: C:\Users\HAL\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-10] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
S4 wpscloudsvr; C:\Users\HAL\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [174696 2017-06-13] (Zhuhai Kingsoft Office Software Co.,Ltd)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-06-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-06-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-06-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-06-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-06-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-06-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-06-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-06-10] (AVAST Software)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [28272 2017-06-15] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-15 21:54 - 2017-06-15 21:54 - 00009353 _____ C:\Users\HAL\Desktop\FRST.txt
2017-06-15 21:54 - 2017-06-15 21:54 - 00000000 ____D C:\FRST
2017-06-15 21:53 - 2017-06-15 21:53 - 02438656 _____ (Farbar) C:\Users\HAL\Desktop\FRST64.exe
2017-06-15 21:52 - 2017-06-15 21:52 - 00001204 _____ C:\Users\HAL\Desktop\JRT.txt
2017-06-15 15:46 - 2017-06-15 15:46 - 00003288 ____N C:\bootsqm.dat
2017-06-15 13:55 - 2017-06-15 14:15 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-15 13:54 - 2017-06-15 15:41 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-15 13:54 - 2017-06-15 13:54 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-15 13:54 - 2017-06-15 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-15 13:54 - 2017-06-15 13:54 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-15 13:33 - 2017-06-15 13:46 - 00000000 ____D C:\AdwCleaner
2017-06-15 13:33 - 2017-06-15 13:33 - 01663672 _____ (Malwarebytes) C:\Users\HAL\Desktop\JRT.exe
2017-06-13 19:21 - 2017-06-13 19:21 - 00000000 ____D C:\ProgramData\GeoComply
2017-06-13 17:04 - 2017-06-15 20:51 - 00000000 ____D C:\Users\HAL\AppData\Local\PokerStars.UK
2017-06-13 17:04 - 2017-06-13 17:04 - 00000000 ____D C:\Users\HAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.UK
2017-06-13 17:04 - 2017-06-13 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.UK
2017-06-13 17:03 - 2017-06-13 19:20 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
2017-06-13 16:45 - 2017-06-15 21:10 - 00000382 _____ C:\Windows\Tasks\WpsUpdateTask_HAL.job
2017-06-13 16:45 - 2017-06-13 16:45 - 00004170 _____ C:\Windows\System32\Tasks\WpsKtpcntrQingTask_HAL
2017-06-13 16:45 - 2017-06-13 16:45 - 00004114 _____ C:\Windows\System32\Tasks\WpsExternal_HAL_20170613164559
2017-06-13 16:45 - 2017-06-13 16:45 - 00003358 _____ C:\Windows\System32\Tasks\WpsUpdateTask_HAL
2017-06-13 16:45 - 2017-06-13 16:45 - 00002353 _____ C:\Users\HAL\Desktop\WPS Writer.lnk
2017-06-13 16:45 - 2017-06-13 16:45 - 00002335 _____ C:\Users\HAL\Desktop\WPS Spreadsheets.lnk
2017-06-13 16:45 - 2017-06-13 16:45 - 00000000 ____D C:\Users\HAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-06-13 16:44 - 2017-06-13 16:44 - 00000000 ____D C:\Users\HAL\AppData\Local\Kingsoft
2017-06-13 16:43 - 2017-06-13 16:45 - 00000000 ____D C:\Users\HAL\AppData\Roaming\kingsoft
2017-06-13 16:43 - 2017-06-13 16:45 - 00000000 ____D C:\ProgramData\kingsoft
2017-06-13 16:42 - 2017-06-13 16:43 - 63190424 _____ (Kingsoft Corp. Ltd.) C:\Users\HAL\Downloads\wps_office_free_10.2.0.5845_en.exe
2017-06-10 14:43 - 2017-06-10 14:43 - 00000885 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Draft 9.lnk
2017-06-10 14:43 - 2016-05-16 08:11 - 04169728 ____R (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2017-06-10 14:38 - 2017-06-10 14:38 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-10 14:38 - 2017-06-10 14:38 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-06-10 14:38 - 2017-06-10 14:38 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-06-10 14:38 - 2017-06-10 14:38 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-10 14:38 - 2017-06-10 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-06-10 14:37 - 2017-06-10 14:38 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-10 14:37 - 2017-06-10 14:37 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-10 14:37 - 2017-06-10 14:37 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-10 14:35 - 2017-06-10 14:35 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-10 14:11 - 2017-06-10 14:22 - 00000000 ____D C:\Users\HAL\AppData\Local\Microsoft Help
2017-06-10 12:46 - 2017-06-10 12:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Final Draft
2017-06-10 12:46 - 2017-06-10 12:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVAST Software
2017-06-10 12:44 - 2017-06-10 14:22 - 00000000 ____D C:\ProgramData\FLEXnet
2017-06-10 12:43 - 2017-06-10 12:43 - 00079776 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-10 12:43 - 2017-06-10 12:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Dell
2017-06-10 12:42 - 2017-06-10 14:23 - 00000000 ____D C:\Users\Guest
2017-06-10 12:42 - 2017-06-10 12:42 - 00000000 _SHDL C:\Users\Guest\My Documents
2017-06-10 12:42 - 2017-06-10 12:42 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2017-06-10 12:42 - 2017-06-10 12:42 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2017-06-10 12:42 - 2017-06-10 12:42 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2017-06-10 12:42 - 2017-06-10 12:42 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2017-06-10 12:42 - 2017-06-10 12:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2017-06-10 12:42 - 2010-06-12 15:21 - 00000000 ____D C:\Users\Guest\AppData\Local\SoftThinks
2017-06-10 12:42 - 2009-07-14 08:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2017-06-10 10:22 - 2017-06-10 14:43 - 00000000 ____D C:\Program Files (x86)\Final Draft 9
2017-06-10 10:22 - 2017-06-10 12:44 - 00000000 ____D C:\ProgramData\Final Draft
2017-06-10 10:19 - 2017-06-10 10:21 - 38760297 _____ C:\Users\HAL\Downloads\finaldraft910Win.zip
2017-06-10 01:45 - 2017-06-13 17:12 - 00015139 _____ C:\Users\HAL\Desktop\Extras.xlsx
2017-06-10 01:45 - 2017-06-10 10:17 - 00000000 ____D C:\Users\HAL\Desktop\Tracks
2017-06-10 01:45 - 2017-06-10 01:45 - 00000000 ____D C:\Users\HAL\Desktop\Extra Shots
2017-06-10 01:44 - 2017-06-15 17:45 - 00000000 ____D C:\Users\HAL\Desktop\My Documents
2017-06-10 01:44 - 2017-06-10 10:17 - 00000000 ____D C:\Users\HAL\Desktop\KS Masterclass
2017-06-10 01:44 - 2017-06-10 01:44 - 00000000 ____D C:\Users\HAL\Desktop\Scripts
2017-06-10 01:44 - 2017-05-15 10:59 - 00052523 _____ C:\Users\HAL\Desktop\Character Details[352].pdf
2017-06-10 01:44 - 2017-05-15 10:59 - 00032839 _____ C:\Users\HAL\Desktop\Blue Stockings Synopsis[353].pdf
2017-06-10 01:43 - 2017-06-14 16:04 - 00000000 ____D C:\Users\HAL\Desktop\Job Stuff
2017-06-10 01:40 - 2017-06-10 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-10 01:40 - 2017-06-10 14:38 - 00000000 ____D C:\Program Files\CCleaner
2017-06-10 01:35 - 2017-06-10 01:35 - 00000000 ____D C:\Users\HAL\Documents\Dell WebCam Central
2017-06-10 01:35 - 2017-06-10 01:35 - 00000000 ____D C:\Users\HAL\AppData\Roaming\Creative
2017-06-10 01:35 - 2017-06-10 01:35 - 00000000 ____D C:\ProgramData\Creative
2017-06-10 01:24 - 2017-06-10 01:24 - 00000000 ____D C:\Users\Administrator
2017-06-10 01:11 - 2017-06-10 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-06-10 01:11 - 2017-06-10 01:11 - 00000000 ____D C:\Program Files\VS Revo Group
2017-06-10 01:04 - 2017-06-10 01:04 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-10 01:03 - 2017-06-10 14:21 - 00000000 ____D C:\Users\HAL\AppData\Local\Google
2017-06-10 01:03 - 2017-06-10 01:04 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-10 01:03 - 2017-06-10 01:03 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-10 01:03 - 2017-06-10 01:03 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-10 01:03 - 2017-06-10 01:03 - 00000000 ____D C:\Users\HAL\AppData\Local\Deployment
2017-06-10 01:03 - 2017-06-10 01:03 - 00000000 ____D C:\Users\HAL\AppData\Local\Apps\2.0
2017-06-10 00:52 - 2017-06-10 00:52 - 00000000 ____D C:\Windows\pss
2017-06-10 00:48 - 2017-06-10 00:48 - 00001415 _____ C:\Users\HAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-06-10 00:48 - 2017-06-10 00:48 - 00000000 ____D C:\Users\HAL\AppData\Roaming\Roxio
2017-06-10 00:48 - 2017-06-10 00:48 - 00000000 ____D C:\Users\HAL\AppData\Roaming\Dell
2017-06-10 00:48 - 2017-06-10 00:48 - 00000000 ____D C:\Users\HAL\AppData\Local\SupportSoft
2017-06-10 00:48 - 2017-06-10 00:48 - 00000000 ____D C:\Users\HAL\AppData\Local\Stardock_Corporation
2017-06-10 00:47 - 2017-06-10 00:48 - 00001449 _____ C:\Users\HAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-10 00:44 - 2017-06-15 12:55 - 00079728 _____ C:\Users\HAL\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-10 00:44 - 2017-06-10 00:44 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
2017-06-10 00:43 - 2017-06-13 19:35 - 00000000 ____D C:\Users\HAL\AppData\Local\VirtualStore
2017-06-10 00:43 - 2017-06-10 14:43 - 00000000 ____D C:\Users\HAL\AppData\Local\SoftThinks
2017-06-10 00:43 - 2017-06-10 14:24 - 00000000 ____D C:\Users\HAL
2017-06-10 00:43 - 2017-06-10 00:43 - 00000020 ___SH C:\Users\HAL\ntuser.ini
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 _SHDL C:\Users\HAL\My Documents
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 _SHDL C:\Users\HAL\Documents\My Videos
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 _SHDL C:\Users\HAL\Documents\My Pictures
2017-06-10 00:43 - 2017-06-10 00:43 - 00000000 _SHDL C:\Users\HAL\Documents\My Music
2017-06-10 00:43 - 2009-07-14 08:44 - 00000000 ____D C:\Users\HAL\AppData\Roaming\Media Center Programs
2017-06-10 00:16 - 2017-06-10 00:35 - 00000000 ____D C:\Windows\SMINST
2017-06-09 21:58 - 2017-06-09 21:58 - 00000000 ____D C:\Users\HAL\AppData\Roaming\AVAST Software
2017-06-09 21:58 - 2017-06-09 21:58 - 00000000 ____D C:\Users\HAL\AppData\Local\CEF
2017-06-09 21:55 - 2017-06-09 21:55 - 00000000 ____D C:\ProgramData\AVAST Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-15 20:57 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-15 20:57 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-15 20:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-06-15 20:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 17:56 - 2009-07-14 05:45 - 00337856 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-12 11:33 - 2009-07-14 06:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-10 14:41 - 2009-07-14 08:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-10 14:27 - 2010-06-12 15:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-06-10 14:25 - 2010-06-12 14:58 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-06-10 14:23 - 2010-06-12 15:14 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-10 14:23 - 2010-06-12 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2017-06-10 14:23 - 2010-06-12 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-10 14:23 - 2010-06-12 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
2017-06-10 14:23 - 2010-06-12 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2017-06-10 14:23 - 2010-06-12 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2017-06-10 14:23 - 2010-06-12 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2017-06-10 14:23 - 2010-06-12 14:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2017-06-10 14:23 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-10 14:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2017-06-10 14:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-06-10 01:42 - 2010-06-12 17:20 - 00000000 ____D C:\Windows\Panther
2017-06-10 01:34 - 2010-06-12 15:08 - 00000000 ____D C:\Program Files (x86)\Creative
2017-06-10 01:34 - 2010-06-12 15:07 - 00000000 ____D C:\Program Files (x86)\Dell Webcam
2017-06-10 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-06-10 01:20 - 2010-06-12 14:53 - 00000000 ____D C:\ProgramData\WildTangent
2017-06-10 01:01 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-10 00:57 - 2010-06-12 17:10 - 00000000 ____D C:\dell
2017-06-10 00:47 - 2010-06-12 14:50 - 00000000 ____D C:\ProgramData\Dell
2017-06-10 00:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
 
Some files in TEMP:
====================
2017-06-15 13:55 - 2009-07-14 02:43 - 1736792 _____ (Microsoft Corporation) C:\Users\HAL\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-14 10:11
 
==================== End of FRST.txt ============================




#2 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time: 06:34 PM

Posted 16 June 2017 - 05:42 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by HAL (Administrator) on 16/06/2017 at 11:35:23.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG8EAI0H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9HHR0TC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ1BL6H6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG8EAI0H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9HHR0TC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ1BL6H6 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/06/2017 at 11:38:44.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC. Canada
  • Local time: 01:34 PM

Posted 16 June 2017 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post the Addition.txt file created by the Farbar program.

Let me know what problem you are having with this computer.

#4 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time: 06:34 PM

Posted 16 June 2017 - 03:55 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by HAL (15-06-2017 21:54:46)
Running from C:\Users\HAL\Desktop
Windows 7 Home Premium (X64) (2017-06-09 23:43:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HAL (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\HAL
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.92 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.1.0.210 - Cast & Crew Production Software, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
WPS Office (10.2.0.5845) (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Kingsoft Office) (Version: 10.2.0.5845 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2882669103-2359843712-3705734191-1000_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Users\HAL\AppData\Local\Kingsoft\WPS Office\10.2.0.5845\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {125D6836-A7AD-4956-BF5E-0CA69B2144B8} - System32\Tasks\WpsUpdateTask_HAL => C:\Users\HAL\AppData\Local\Kingsoft\WPS Office\10.2.0.5845\wtoolex\wpsupdate.exe [2017-06-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {37B94613-D3EE-4F42-81F0-08B2F403CCED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {7AEEFF1D-CD96-4884-B5BD-81DC41EB16A0} - System32\Tasks\WpsKtpcntrQingTask_HAL => C:\Users\HAL\AppData\Local\Kingsoft\WPS Office\10.2.0.5845\office6\ktpcntr.exe [2017-06-13] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B217E39B-D00B-464F-BAB6-A107B9B30A75} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-10] (AVAST Software)
Task: {C9135087-30A0-412D-91DC-AE5F42F84F3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-10] (Google Inc.)
Task: {F4B26AB1-80FE-4435-AECC-547B664B5BEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-10] (Google Inc.)
Task: {FBB736D1-B321-4480-9FF6-F566289182EA} - System32\Tasks\WpsExternal_HAL_20170613164559 => C:\Users\HAL\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe [2017-06-13] (Zhuhai Kingsoft Office Software Co.,Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\WpsUpdateTask_HAL.job => C:\Users\HAL\AppData\Local\Kingsoft\WPS Office\10.2.0.5845\wtoolex\wpsupdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-06-12 14:49 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-12 14:49 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-15 11:07 - 2017-06-15 11:07 - 05678080 _____ () C:\Program Files\AVAST Software\Avast\defs\17061500\algo.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-06-12 14:59 - 2010-02-17 22:36 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-12 14:59 - 2010-02-11 17:53 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-10 14:37 - 2017-06-10 14:37 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HAL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: 0181801497051905mcinstcleanup => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: McSysmon => 3
MSCONFIG\Services: MpfService => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: wpscloudsvr => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^HAL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DSUpdateLauncher => "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
MSCONFIG\startupreg: mcagent_exe => C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
MSCONFIG\startupreg: STToasterLauncher => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A858FD6A-B75C-4FCD-BE90-12154137FFD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
15-06-2017 13:37:41 JRT Pre-Junkware Removal
15-06-2017 21:49:02 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2017 08:50:10 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/15/2017 08:50:10 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/15/2017 08:50:10 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/15/2017 08:50:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (06/15/2017 08:50:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/15/2017 08:50:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/15/2017 08:50:09 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/15/2017 08:50:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/15/2017 08:50:09 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (06/15/2017 08:50:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3540) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000E.log.
 
 
System errors:
=============
Error: (06/15/2017 08:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/15/2017 08:50:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/15/2017 08:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/15/2017 08:50:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/15/2017 08:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/15/2017 08:50:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/15/2017 08:50:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/15/2017 08:50:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/15/2017 08:50:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/15/2017 08:50:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 4056.36 MB
Available physical RAM: 2817.71 MB
Total Virtual: 8110.88 MB
Available Virtual: 6854.51 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:197.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:34 PM

Posted 17 June 2017 - 07:42 AM


No malicious malware was found.
I only suggest that you run this fix.
If you have issues with this computer please explain.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-10]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

#6 angry@computers

angry@computers
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 18 June 2017 - 08:38 AM

Hi Nasdaq,

Thank you for the fix. 

 

A few days ago I did a factory re-installation, but I think some issues developed after a few days. I went ahead to install service pack 1 for Windows 7, but that made it crash into a blue screen, and it rebooted into fix mode. So currently it doesn't have service pack 1 and I have turned off all downloads. Instead, I'm relying on Avast, adblockers and malware scans to avoid problems. What would you recommend I do?



#7 angry@computers


Posted 18 June 2017 - 08:42 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by HAL (18-06-2017 14:29:04) Run:1
Running from C:\Users\HAL\Desktop
Loaded Profiles: HAL (Available Profiles: HAL)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-10]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => key removed successfully
C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\HAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2076829 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 608 B
Edge => 0 B
Chrome => 11980390 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83458 B
systemprofile32 => 424 B
LocalService => 66708 B
NetworkService => 66228 B
HAL => 1271075 B
 
RecycleBin => 0 B
EmptyTemp: => 22.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:29:18 ====




#8 nasdaq


Posted 18 June 2017 - 01:17 PM

Repair these services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?

#9 angry@computers


Posted 18 June 2017 - 03:52 PM

Everything seemed to go smoothly. It rebooted fine.
 
05 - Repair WMI
   Start (18/06/2017 21:43:18)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Avast Antivirus Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Avast Antivirus Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (18/06/2017 21:44:40)
 
10 - Remove Policies Set By Infections
   Start (18/06/2017 21:44:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/06/2017 21:44:42)
 
17 - Repair Windows Updates
   Start (18/06/2017 21:44:42)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (18/06/2017 21:45:03)
 
21 - Repair MSI (Windows Installer)
   Start (18/06/2017 21:45:03)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/06/2017 21:45:14)
 
26 - Restore Important Windows Services
   Start (18/06/2017 21:45:14)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.17 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/06/2017 21:45:21)
 
27 - Set Windows Services To Default Startup
   Start (18/06/2017 21:45:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (18/06/2017 21:45:24)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (18/06/2017 21:45:24)
   Total Repair Time: 00:03:54
 
 
...YOU MUST RESTART YOUR SYSTEM...


#10 nasdaq


Posted 19 June 2017 - 07:05 AM


Read the instructions on this page and install the Service Pack 1.
https://support.microsoft.com/en-ca/help/15090/windows-7-install-service-pack-1-sp1

Let me know if all is well.

#11 angry@computers


Posted 23 June 2017 - 04:31 AM

Hi Nasdaq,

I believe the installation of Service Pack 1 has gone smoothly. Seems to be running fine.



#12 angry@computers


Posted 23 June 2017 - 05:38 AM

Also, I just wondered if these files are anything to worry about?
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by HAL (Administrator) on 23/06/2017 at 11:33:25.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10YXFSUC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60FA1LXC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IGXTEVQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X4D50H4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECU3NTOT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSDELGC6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBDLL716 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\HAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXA2TYNJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10YXFSUC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60FA1LXC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IGXTEVQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X4D50H4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECU3NTOT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSDELGC6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBDLL716 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXA2TYNJ (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/06/2017 at 11:37:01.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 nasdaq


Posted 23 June 2017 - 08:16 AM

That was just a cleanup.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



