Both browsers will not connect to the internet


12 replies to this topic

#1 mc303m

Posted 03 February 2018 - 02:42 PM

Hi, trying to repair a friend's laptop. I have run Malwarebytes and AntiSpy Free, removed a ton of stuff, and tried an ipconfig /flushdns, but it still won't connect. When using Firefox I keep getting the message "your connection is not secure"; I then go to Advanced and create an exception for Google and get the same errors. Here are the FRST files.

Thank you in advance for any assistance.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Brent (administrator) on BRENT-PC (03-02-2018 19:23:34)
Running from E:\
Loaded Profiles: Brent (Available Profiles: Brent)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2772264 2011-07-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\MountPoints2: {eb3797cc-3d93-11e5-af0b-78843ca2c14e} - E:\LaunchU3.exe -a
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction - Chrome <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8327
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8327
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8327
ProxyEnable: [S-1-5-21-3884677075-2059318211-2604563176-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3884677075-2059318211-2604563176-1000] => 127.0.0.1:8327
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [NameServer] 13.59.228.155
Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {F401A859-0EA8-4E7C-8B35-1736C9831FF0} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
FireFox:
========
FF DefaultProfile: bt1cgh67.default-1517661401600
FF ProfilePath: C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bt1cgh67.default-1517661401600 [2018-02-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://www.google.com/","hxxp://search.socialdownloadr.com/?channel=scd5&pt2610=2&t=1A79ED6BB3940606"
CHR NewTab: Default ->  Not-active:"chrome-extension://hdnpalnihbhiafbnbpmflnidhljmgidj/newtab.html", Not-active:"chrome-extension://pmgkeimkiojpjcoiiipekfjaopchhjga/snt.html"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default [2018-02-03]
CHR Extension: (Gads) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcemlekmbgfffaahnofbeagjkmnhhmjl [2016-06-27]
CHR Extension: (RandFind) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjhgfjkgmhenaliodchabfogbclbkbe [2016-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-02]
CHR Extension: (Garbage Collector) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdmdicpdaccklohdjomliebdpeoocg [2016-10-06]
CHR HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 3fad85919dd74a49b118aa3a8decb5ec; C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe [21504 2017-12-07] () [File not signed]
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2018-02-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-03 19:22 - 2018-02-03 19:23 - 000000000 ____D C:\FRST
2018-02-03 13:22 - 2018-02-03 13:22 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-03 13:22 - 2018-02-03 13:22 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-03 13:18 - 2018-02-03 17:27 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 13:18 - 2018-02-03 17:27 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 13:18 - 2018-02-03 16:49 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71366120-7d18-48d6-a7ba-b8a4933f35e4.job
2018-02-03 13:18 - 2018-02-03 16:49 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9.job
2018-02-03 13:18 - 2018-02-03 13:18 - 000003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 71366120-7d18-48d6-a7ba-b8a4933f35e4
2018-02-03 13:18 - 2018-02-03 13:18 - 000003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9
2018-02-03 13:18 - 2018-02-03 13:18 - 000000000 ____D C:\Users\Brent\AppData\Roaming\SUPERAntiSpyware.com
2018-02-03 13:17 - 2018-02-03 13:36 - 000001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-02-03 13:17 - 2018-02-03 13:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-03 13:17 - 2018-02-03 13:17 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-02-03 13:17 - 2018-02-03 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-02-03 13:16 - 2018-02-03 13:12 - 031758672 _____ (SUPERAntiSpyware) C:\Users\Brent\Desktop\SUPERAntiSpyware.exe
2018-02-03 13:16 - 2018-02-03 13:10 - 000050688 _____ (Atribune.org) C:\Users\Brent\Desktop\ATF-Cleaner.exe
2018-02-03 12:36 - 2018-02-03 12:36 - 000000000 ____D C:\Users\Brent\Desktop\Old Firefox Data
2018-02-03 12:30 - 2018-02-03 12:30 - 000000000 ____D C:\Users\Brent\AppData\Local\ElevatedDiagnostics
2018-02-03 09:32 - 2018-02-03 09:32 - 000000634 _____ C:\Users\Brent\Desktop\myuninst.cfg
2018-02-02 13:36 - 2018-02-02 13:36 - 000003152 _____ C:\Windows\System32\Tasks\{49FF717C-02F3-4987-A8A6-87DB1F38A58F}
2018-02-02 13:20 - 2018-02-03 09:04 - 000000000 ____D C:\Users\Brent\Desktop\myuninst
2018-02-02 13:19 - 2018-02-02 13:16 - 000049498 _____ C:\Users\Brent\Desktop\myuninst.zip
2018-02-02 12:43 - 2018-02-02 12:43 - 000002984 _____ C:\Windows\System32\Tasks\{E1F7DD2C-D9CC-4A77-98D7-48D3BC7FFCA8}
2018-02-02 12:42 - 2018-02-02 12:42 - 000002984 _____ C:\Windows\System32\Tasks\{B9D5B873-ABA0-4DDA-93AF-8BB3F5A2C976}
2018-02-02 12:06 - 2018-02-03 18:09 - 000136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-02 12:05 - 2018-02-02 12:05 - 000001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-02-02 12:05 - 2015-04-14 09:37 - 000107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-02 12:05 - 2015-04-14 09:37 - 000063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2018-02-02 12:05 - 2015-04-14 09:37 - 000025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2018-02-02 12:03 - 2017-02-17 10:39 - 021546080 _____ (Malwarebytes Corporation ) C:\Users\Brent\Desktop\mbam-setup-consumer-2.1.6.1022.exe
2018-02-02 10:27 - 2018-02-03 14:10 - 000550096 _____ C:\Windows\ntbtlog.txt
2018-01-14 09:50 - 2018-01-14 09:50 - 005845504 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-03 19:25 - 2015-12-15 08:59 - 000000258 _____ C:\Windows\Tasks\FierIsl73.job
2018-02-03 19:12 - 2016-11-17 18:40 - 000000000 ____D C:\Users\Brent\AppData\LocalLow\Mozilla
2018-02-03 18:28 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-03 18:28 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-03 18:07 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-03 18:00 - 2017-12-08 13:48 - 000000000 ____D C:\Users\Brent\AppData\Roaming\efixmypc.com
2018-02-03 18:00 - 2017-12-08 13:47 - 000000000 ____D C:\ProgramData\efixmypc.com
2018-02-03 18:00 - 2015-12-15 08:59 - 000000000 ____D C:\Users\Brent\AppData\Local\ScaOf995
2018-02-03 16:48 - 2017-12-07 17:36 - 000000000 ____D C:\Users\Brent\AppData\Roaming\input
2018-02-03 13:22 - 2015-06-20 04:41 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 13:17 - 2009-07-14 05:13 - 000782518 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-03 13:17 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2018-02-03 12:31 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-03 10:28 - 2015-12-15 08:59 - 000000256 _____ C:\Windows\Tasks\GoldCurv354.job
2018-01-22 08:28 - 2009-07-14 05:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-14 09:50 - 2015-05-13 13:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-14 09:50 - 2015-05-13 13:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-14 09:50 - 2015-05-13 13:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-14 09:50 - 2015-05-13 13:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-14 09:50 - 2015-05-13 13:58 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-13 09:07 - 2015-11-23 16:09 - 000000000 ____D C:\Users\Brent\AppData\Local\SlimWare Utilities Inc
2018-01-11 09:44 - 2015-05-19 09:11 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 09:29 - 2017-10-14 10:12 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 09:29 - 2015-05-19 09:10 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2017-12-08 13:49 - 2017-12-08 13:49 - 000019658 _____ () C:\Users\Brent\AppData\Roaming\Gegem
2016-04-01 19:43 - 2016-04-01 19:43 - 000000004 _____ () C:\Users\Brent\AppData\Roaming\pllchannel.txt
2017-12-07 17:36 - 2017-12-07 17:36 - 002812928 _____ () C:\Users\Brent\AppData\Roaming\_temp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-28 17:05
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Brent (03-02-2018 19:25:08)
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) (2015-05-13 11:51:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3884677075-2059318211-2604563176-500 - Administrator - Disabled)
Brent (S-1-5-21-3884677075-2059318211-2604563176-1000 - Administrator - Enabled) => C:\Users\Brent
Guest (S-1-5-21-3884677075-2059318211-2604563176-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3884677075-2059318211-2604563176-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
EPSON Attach To Email (HKLM-x32\...\{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM-x32\...\{D02F30FB-0BC4-419A-9B9C-ADC610029B50}) (Version: 1.3.2.0 - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.41.00 - SEIKO EPSON CORPORATION)
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.5 - Synaptics Incorporated)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A50CBE2-9382-451F-BDB5-12C69074AA30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {0B69018E-AE0B-49C0-A375-9326584F1902} - System32\Tasks\GoldCurv354 => C:\Users\Brent\AppData\Local\SkillSton4\Sklist.exe
Task: {12BBA773-C864-49E1-AC3F-55FECFD854F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {35653389-8599-4DDE-8B58-F6FFE1908671} - System32\Tasks\{B9D5B873-ABA0-4DDA-93AF-8BB3F5A2C976} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {564E14CB-2E3D-4F80-B29D-BBF6183BC384} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-14] (Adobe Systems Incorporated)
Task: {63306B31-68A7-41C7-AB73-0B931595B57A} - System32\Tasks\{E1F7DD2C-D9CC-4A77-98D7-48D3BC7FFCA8} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {7F8AC59B-5DD8-4120-930E-10F1A36F50C9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8D725810-2A1D-422D-B116-E2E24E3A95AD} - System32\Tasks\AdobeAAMUpdater-1.0-Brent-PC-Brent => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-08-27] (Adobe Systems Incorporated)
Task: {9DEFAC27-2444-49ED-AE5E-66D8B114AE0E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B812EC50-DA4C-47F3-A5E6-5B28B73659F1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3884677075-2059318211-2604563176-1000
Task: {E3839DE9-7AB7-4C75-9BBA-3A90FB7E815C} - \Sixth -> No File <==== ATTENTION
Task: {E44D06C2-DC9F-4BF5-9127-14943EE3D21A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 71366120-7d18-48d6-a7ba-b8a4933f35e4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {EC3C887C-6036-45C3-B113-DEEC663B2B21} - System32\Tasks\{F9E61F6D-3B59-4744-9965-12A60368B01F} => C:\Windows\system32\pcalua.exe -a C:\Users\Brent\Downloads\epson374892eu.exe -d C:\Users\Brent\Downloads
Task: {F71D9854-DFBD-4A1E-B868-83A76E75F500} - System32\Tasks\{49FF717C-02F3-4987-A8A6-87DB1F38A58F} => C:\Windows\system32\pcalua.exe -a C:\Users\Brent\Desktop\myuninst\myuninst.exe -d C:\Users\Brent\Desktop\myuninst
Task: {FF96E59D-66C8-48E9-A467-6E0360EFEE2C} - System32\Tasks\FierIsl73 => C:\Users\Brent\AppData\Local\SKILLS~1\Skrecycle.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FierIsl73.job => C:\Users\Brent\AppData\Local\SKILLS~1\Skrecycle.exe
Task: C:\Windows\Tasks\GoldCurv354.job => C:\Users\Brent\AppData\Local\SkillSton4\Sklist.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71366120-7d18-48d6-a7ba-b8a4933f35e4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-12-07 17:36 - 2017-12-07 17:36 - 000021504 _____ () C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:34 - 2015-05-13 14:40 - 000001728 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com
127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 13.59.228.155
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FC4E78AB-949A-490D-86E1-A8CB6DBA79AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
23-01-2018 10:24:26 Windows Update
30-01-2018 01:21:06 Windows Update
30-01-2018 07:48:45 Windows Update
30-01-2018 08:13:57 Windows Update
31-01-2018 08:10:00 Windows Update
03-02-2018 09:27:20 Removed WeatherBuddy
03-02-2018 09:29:11 Removed Google Update Helper
03-02-2018 09:30:06 Removed Google Update Helper
03-02-2018 10:06:28 Windows Update
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================
Application errors:
==================
Error: (02/03/2018 06:09:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2018 06:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2018 04:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2018 01:27:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2018 09:52:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2018 09:36:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2018 09:23:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/02/2018 01:21:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 598
Start Time: 01d39c1be0113cbf
Termination Time: 3573
Application Path: C:\Windows\Explorer.EXE
Report Id: e4a0b9dd-081b-11e8-ab88-78843ca2c14e
Error: (02/02/2018 12:39:09 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.
Error: (02/02/2018 12:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUICnt.exe, version: 8.3.3037.0, time stamp: 0x584adc85
Faulting module name: ieframe.dll, version: 11.0.9600.18860, time stamp: 0x5a0a58f2
Exception code: 0xc000041d
Fault offset: 0x00000000000033d7
Faulting process id: 0xbe0
Faulting application start time: 0x01d39c220ad76b21
Faulting application path: C:\Program Files\McAfee Security Scan\3.11.599\McUICnt.exe
Faulting module path: C:\Windows\System32\ieframe.dll
Report Id: ad3860c3-0815-11e8-ab88-78843ca2c14e

System errors:
=============
Error: (02/03/2018 07:21:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (02/03/2018 07:21:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (02/03/2018 07:21:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (02/03/2018 07:21:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (02/03/2018 06:09:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The 3fad85919dd74a49b118aa3a8decb5ec service hung on starting.
Error: (02/03/2018 06:07:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (02/03/2018 06:06:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (02/03/2018 06:05:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The 3fad85919dd74a49b118aa3a8decb5ec service hung on starting.
Error: (02/03/2018 06:04:08 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (02/03/2018 04:51:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The 3fad85919dd74a49b118aa3a8decb5ec service hung on starting.

==================== Memory info ===========================
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 2666.9 MB
Available physical RAM: 775.49 MB
Total Virtual: 5331.99 MB
Available Virtual: 3075.64 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:332.77 GB) NTFS
Drive e: () (Removable) (Total:14.42 GB) (Free:10.91 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A6E9886D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 53D1AB6A)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)
==================== End of Addition.txt ============================
#2 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • OFFLINE
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:45 PM

Posted 04 February 2018 - 12:39 PM

Hello,

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. Please give me a little bit to look over the logs you posted, and I will post back here again as soon as I can.

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

Sincerely,
Sasschary



#3 mc303m

mc303m
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 04 February 2018 - 12:58 PM

Thank you Zach :)



#4 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • OFFLINE
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:45 PM

Posted 07 February 2018 - 08:37 AM

Hi mc303m,

As I said earlier, my name is Zach, but you may call me what you want, and I will be working with you to get your computer working again.

I will do my best to get your computer up and running as quickly as possible! However, there are a few things which I will need you to do if we want this process to go smoothly:

  • I need your system to stay in the state that it is at the last time I give you instructions. In other words, please do not do anything to your computer unless I have instructed you to do so.
  • If you do not understand an instruction, please stop immediately and tell me what you do not understand.
  • If there is something which seems to be working improperly, please stop and tell me what has happened.

Now that we've got that settled, let's get started...

It doesn't seem like you have any antivirus software running on your computer. Without running any antivirus programs, your computer is at a much higher risk of infection, since there is nothing preventing malware from running on your PC. As such, later, we will need to download and install an antivirus program.

I personally use Avast!, which has a free version with a few limitations. If you want the full version, it is available, but the free edition should work just fine. You can download Avast! here.

Other free antivirus programs which are available are Avira, BitDefender, and AVG. For other free antivirus programs, you can look at this article.

Note: You should only install one antivirus program. Having more than one installed can cause conflicts if both programs try to quarantine the same infection, and it can slow down your computer.

It looks like you may have some illegal software installed on your computer.

Installing illegal programs brings a high risk of bringing infection. Not only are these areas very large targets for malware authors, they are also what they say in the name: Illegal. I ask that you remove any pirated software before continuing. Please also be aware that some of the tools we use may remove cracked files, which could leave pirated software in an unstable and crash-prone state.

Let's run a fix using FRST.

We need to first create a fixlist for FRST to run.

  • Open Notepad and paste the text given below in the window.
    CloseProcesses:
    C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe
    R2 3fad85919dd74a49b118aa3a8decb5ec; C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe [21504 2017-12-07] () [File not signed]
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction - Chrome <==== ATTENTION
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => 127.0.0.1:8327
    ProxyEnable: [S-1-5-19] => Proxy is enabled.
    ProxyServer: [S-1-5-19] => 127.0.0.1:8327
    ProxyEnable: [S-1-5-20] => Proxy is enabled.
    ProxyServer: [S-1-5-20] => 127.0.0.1:8327
    ProxyEnable: [S-1-5-21-3884677075-2059318211-2604563176-1000] => Proxy is enabled.
    ProxyServer: [S-1-5-21-3884677075-2059318211-2604563176-1000] => 127.0.0.1:8327 
    Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [NameServer] 13.59.228.155 
    CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
    CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://www.google.com/","hxxp://search.socialdownloadr.com/?channel=scd5&pt2610=2&t=1A79ED6BB3940606" 
    VirusTotal: C:\Users\Brent\AppData\Local\SkillSton4\Sklist.exe;C:\Users\Brent\AppData\Local\SkillSton4\Skrecycle.exe
    C:\Users\Brent\AppData\Roaming\efixmypc.com
    C:\ProgramData\efixmypc.com
    C:\Users\Brent\AppData\Local\ScaOf995
    C:\Users\Brent\AppData\Roaming\input
    Folder: C:\Users\Brent\AppData\Roaming\Gegem
    C:\Users\Brent\AppData\Roaming\_temp.exe
    Task: {E3839DE9-7AB7-4C75-9BBA-3A90FB7E815C} - \Sixth -> No File <==== ATTENTION
    Hosts:
  • Click File -> Save, and a Save As dialog box should appear.
  • In the Save As dialog, browse to your desktop.
  • Type fixlist in the File Name box and ensure that Text Documents (*.txt) is selected in the Save As Type box.
  • Click Save.

Now we need to run the fixlist.

  • From your desktop, right click FRST and click Run as Administrator
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.
  • After the fix has been completed, FRST should create and open a file called Fixlog.txt in Notepad. Please copy and paste that file into your next reply.

If FRST did not reboot your computer, please do so now.

Let's remove a Chrome extension.

  • Please open Google Chrome from your Start Menu.
  • When Chrome opens, copy and paste chrome://extensions into the URL bar and press Enter on your keyboard.
  • Find each of the following extensions, or extensions with similar names, in the list, then click the garbage icon on the far right of the list. Then, click Remove to confirm that you want to remove the extension.
    • Simple New Tab

Next, please generate a new FRST log, as you had done initially, then copy and paste that into your next reply.

Finally, please test your internet, and tell me if your internet connectivity has returned.

In your next reply, please include the following:

  • Fixlog.txt
  • FRST.txt

sasschary
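As an added triage example (my own code, not FRST's and not anything the helper in this thread posted), here is a small Python checker that reads FRST-style lines like the ones in the fixlist above and flags the four indicator classes behind this machine's symptoms: a proxy pointed at 127.0.0.1:8327 in every user hive (an intercepting proxy on the machine itself has to re-sign HTTPS, which is consistent with the browser-wide "your connection is not secure" warnings in the first post), a static NameServer overriding the DHCP-supplied one, Group Policy browser restrictions, and an unsigned service whose name is 32 hex characters under C:\Windows. The rule names and severities are this example's own choice, and the sample lines are constructed from the logs in this thread.

```python
"""Triage helper for FRST log lines (added example; not FRST's own code).

Flags a proxy on the local machine, a static DNS server overriding the DHCP
one, a Group Policy browser restriction, and an unsigned service with a
32-hex-char name under C:\\Windows.  Rule names are this example's own.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the FRST logs posted in this thread.
SAMPLE_FRST = [
    r"ProxyServer: [.DEFAULT] => 127.0.0.1:8327",
    r"ProxyServer: [S-1-5-21-3884677075-2059318211-2604563176-1000] => 127.0.0.1:8327",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1",
    r"Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [DhcpNameServer] 192.168.1.1",
    r"Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [NameServer] 13.59.228.155",
    r"GroupPolicy: Restriction <==== ATTENTION",
    r"GroupPolicy\User: Restriction - Chrome <==== ATTENTION",
    r"R2 3fad85919dd74a49b118aa3a8decb5ec; C:\Windows\3fad85919dd74a49b118aa3a8decb5ec"
    r"\3fad85919dd74a49b118aa3a8decb5ec.exe [21504 2017-12-07] () [File not signed]",
    r"R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)",
]

PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<host>[^:\s]+):(?P<port>\d+)")
DNS_RE = re.compile(r"^Tcpip\\.*: \[(?P<kind>DhcpNameServer|NameServer)\] (?P<addrs>.+)$")
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] "
    r"\((?P<signer>[^)]*)\)(?P<flags>.*)$"
)
GPO_RE = re.compile(r"^GroupPolicy(\\User)?: Restriction")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    rule: str
    detail: str


def _ip(addr):
    """Parse an IP literal; returns None for hostnames or garbage."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


def analyze(lines):
    """Return a list of Finding objects for the given FRST log lines."""
    findings = []
    dhcp_dns, static_dns = set(), set()
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            ip = _ip(m["host"])
            if ip is not None and ip.is_loopback:
                # A proxy on the victim machine sits between the browser and
                # every site; to read HTTPS it has to present its own
                # certificates, which browsers report as an untrusted connection.
                findings.append(Finding("high", "loopback-proxy",
                    f"{m['hive']}: web traffic routed via {m['host']}:{m['port']} on this machine"))
            else:
                findings.append(Finding("medium", "proxy-set",
                    f"{m['hive']}: proxy {m['host']}:{m['port']} configured"))
            continue
        m = DNS_RE.match(line)
        if m:
            addrs = {a for a in re.split(r"[;,\s]+", m["addrs"]) if a}
            (dhcp_dns if m["kind"] == "DhcpNameServer" else static_dns).update(addrs)
            continue
        if GPO_RE.match(line):
            # Home machines are rarely domain-managed; a Restriction policy
            # usually exists to stop the user undoing the browser changes.
            findings.append(Finding("medium", "group-policy-restriction", line))
            continue
        m = SERVICE_RE.match(line)
        if m and "File not signed" in m["flags"]:
            if HEX32_RE.match(m["name"]):
                findings.append(Finding("high", "unsigned-random-service",
                    f"service {m['name']} -> {m['path']}"))
            elif m["path"].lower().startswith("c:\\windows\\"):
                findings.append(Finding("medium", "unsigned-windows-service",
                    f"service {m['name']} -> {m['path']}"))
    # Static resolvers are judged after the pass so the DHCP set is complete.
    for addr in sorted(static_dns - dhcp_dns):
        ip = _ip(addr)
        kind = "private" if ip is not None and ip.is_private else "public"
        findings.append(Finding("high", "dns-override",
            f"static {kind} resolver {addr} overrides DHCP {', '.join(sorted(dhcp_dns)) or 'none'}"))
    return findings


def rules(findings):
    """Distinct rule names that fired, sorted, for a quick summary."""
    return sorted({f.rule for f in findings})


if __name__ == "__main__":
    for f in analyze(SAMPLE_FRST):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

Run against a real FRST.txt by passing its lines to `analyze`; a clean machine after the fix should produce no `loopback-proxy` or `dns-override` findings, which mirrors the post-fix log later in this thread where only DhcpNameServer entries remain.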



#5 mc303m

mc303m
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 07 February 2018 - 10:20 AM

Thank you Zach, files below as requested. Yes, I can access the internet; I also installed Avast on the machine.

Thank you so much :)

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Brent (07-02-2018 13:53:46) Run:1
Running from C:\Users\Brent\Desktop\files
Loaded Profiles: Brent (Available Profiles: Brent)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe
R2 3fad85919dd74a49b118aa3a8decb5ec; C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe [21504 2017-12-07] () [File not signed]
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction - Chrome <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8327
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8327
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8327
ProxyEnable: [S-1-5-21-3884677075-2059318211-2604563176-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3884677075-2059318211-2604563176-1000] => 127.0.0.1:8327
Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [NameServer] 13.59.228.155
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://www.google.com/","hxxp://search.socialdownloadr.com/?channel=scd5&pt2610=2&t=1A79ED6BB3940606"
VirusTotal: C:\Users\Brent\AppData\Local\SkillSton4\Sklist.exe;C:\Users\Brent\AppData\Local\SkillSton4\Skrecycle.exe
 C:\Users\Brent\AppData\Roaming\efixmypc.com
C:\ProgramData\efixmypc.com
C:\Users\Brent\AppData\Local\ScaOf995
C:\Users\Brent\AppData\Roaming\input
Folder: C:\Users\Brent\AppData\Roaming\Gegem
C:\Users\Brent\AppData\Roaming\_temp.exe
Task: {E3839DE9-7AB7-4C75-9BBA-3A90FB7E815C} - \Sixth -> No File <==== ATTENTION
Hosts:
*****************
Processes closed successfully.
C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe => moved successfully
"HKLM\System\CurrentControlSet\Services\3fad85919dd74a49b118aa3a8decb5ec" => removed successfully
3fad85919dd74a49b118aa3a8decb5ec => service removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}\\NameServer" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"VirusTotal: C:\Users\Brent\AppData\Local\SkillSton4\Sklist.exe" => not found
"VirusTotal: C:\Users\Brent\AppData\Local\SkillSton4\Skrecycle.exe" => not found
C:\Users\Brent\AppData\Roaming\efixmypc.com => moved successfully
C:\ProgramData\efixmypc.com => moved successfully
C:\Users\Brent\AppData\Local\ScaOf995 => moved successfully
C:\Users\Brent\AppData\Roaming\input => moved successfully
========================= Folder: C:\Users\Brent\AppData\Roaming\Gegem ========================
C:\Users\Brent\AppData\Roaming\Gegem => File
====== End of Folder: ======
C:\Users\Brent\AppData\Roaming\_temp.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3839DE9-7AB7-4C75-9BBA-3A90FB7E815C} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3839DE9-7AB7-4C75-9BBA-3A90FB7E815C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sixth => key not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

The system needed a reboot.
==== End of Fixlog 13:53:50 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Brent (administrator) on BRENT-PC (07-02-2018 14:05:44)
Running from C:\Users\Brent\Desktop\files\New folder
Loaded Profiles: Brent (Available Profiles: Brent)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2772264 2011-07-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\MountPoints2: {eb3797cc-3d93-11e5-af0b-78843ca2c14e} - E:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {F401A859-0EA8-4E7C-8B35-1736C9831FF0} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
FireFox:
========
FF DefaultProfile: bt1cgh67.default-1517661401600
FF ProfilePath: C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bt1cgh67.default-1517661401600 [2018-02-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://www.google.com/","hxxp://search.socialdownloadr.com/?channel=scd5&pt2610=2&t=1A79ED6BB3940606"
CHR NewTab: Default ->  Not-active:"chrome-extension://hdnpalnihbhiafbnbpmflnidhljmgidj/newtab.html"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (SearchLock) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2018-02-07]
CHR Extension: (Gads) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcemlekmbgfffaahnofbeagjkmnhhmjl [2016-06-27]
CHR Extension: (RandFind) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjhgfjkgmhenaliodchabfogbclbkbe [2016-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
CHR Extension: (Garbage Collector) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdmdicpdaccklohdjomliebdpeoocg [2016-10-06]
CHR HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2018-02-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-03 19:26 - 2018-02-07 13:56 - 000000000 ____D C:\Users\Brent\Desktop\files
2018-02-03 19:22 - 2018-02-07 14:05 - 000000000 ____D C:\FRST
2018-02-03 13:22 - 2018-02-03 13:22 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-03 13:22 - 2018-02-03 13:22 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-03 13:18 - 2018-02-07 13:46 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9.job
2018-02-03 13:18 - 2018-02-04 05:06 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71366120-7d18-48d6-a7ba-b8a4933f35e4.job
2018-02-03 13:18 - 2018-02-03 17:27 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 13:18 - 2018-02-03 17:27 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 13:18 - 2018-02-03 13:18 - 000003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 71366120-7d18-48d6-a7ba-b8a4933f35e4
2018-02-03 13:18 - 2018-02-03 13:18 - 000003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9
2018-02-03 13:18 - 2018-02-03 13:18 - 000000000 ____D C:\Users\Brent\AppData\Roaming\SUPERAntiSpyware.com
2018-02-03 13:17 - 2018-02-07 13:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-03 13:17 - 2018-02-03 13:36 - 000001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-02-03 13:17 - 2018-02-03 13:17 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-02-03 13:17 - 2018-02-03 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-02-03 13:16 - 2018-02-03 13:12 - 031758672 _____ (SUPERAntiSpyware) C:\Users\Brent\Desktop\SUPERAntiSpyware.exe
2018-02-03 13:16 - 2018-02-03 13:10 - 000050688 _____ (Atribune.org) C:\Users\Brent\Desktop\ATF-Cleaner.exe
2018-02-03 12:36 - 2018-02-03 12:36 - 000000000 ____D C:\Users\Brent\Desktop\Old Firefox Data
2018-02-03 12:30 - 2018-02-03 12:30 - 000000000 ____D C:\Users\Brent\AppData\Local\ElevatedDiagnostics
2018-02-03 09:32 - 2018-02-03 09:32 - 000000634 _____ C:\Users\Brent\Desktop\myuninst.cfg
2018-02-02 13:36 - 2018-02-02 13:36 - 000003152 _____ C:\Windows\System32\Tasks\{49FF717C-02F3-4987-A8A6-87DB1F38A58F}
2018-02-02 13:20 - 2018-02-03 09:04 - 000000000 ____D C:\Users\Brent\Desktop\myuninst
2018-02-02 13:19 - 2018-02-02 13:16 - 000049498 _____ C:\Users\Brent\Desktop\myuninst.zip
2018-02-02 12:43 - 2018-02-02 12:43 - 000002984 _____ C:\Windows\System32\Tasks\{E1F7DD2C-D9CC-4A77-98D7-48D3BC7FFCA8}
2018-02-02 12:42 - 2018-02-02 12:42 - 000002984 _____ C:\Windows\System32\Tasks\{B9D5B873-ABA0-4DDA-93AF-8BB3F5A2C976}
2018-02-02 12:06 - 2018-02-03 18:09 - 000136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-02 12:05 - 2018-02-02 12:05 - 000001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-02-02 12:05 - 2015-04-14 09:37 - 000107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-02 12:05 - 2015-04-14 09:37 - 000063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2018-02-02 12:05 - 2015-04-14 09:37 - 000025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2018-02-02 12:03 - 2017-02-17 10:39 - 021546080 _____ (Malwarebytes Corporation ) C:\Users\Brent\Desktop\mbam-setup-consumer-2.1.6.1022.exe
2018-02-02 10:27 - 2018-02-03 14:10 - 000550096 _____ C:\Windows\ntbtlog.txt
2018-01-14 09:50 - 2018-01-14 09:50 - 005845504 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-07 14:05 - 2015-12-15 08:59 - 000000258 _____ C:\Windows\Tasks\FierIsl73.job
2018-02-07 14:00 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-07 13:58 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-07 13:58 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-07 13:55 - 2016-01-31 18:04 - 000000008 __RSH C:\Users\Brent\ntuser.pol
2018-02-07 13:55 - 2015-05-13 11:51 - 000000000 ____D C:\Users\Brent
2018-02-07 13:53 - 2017-12-07 17:36 - 000000000 ____D C:\Windows\3fad85919dd74a49b118aa3a8decb5ec
2018-02-07 13:53 - 2009-07-14 03:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-02-07 13:53 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-07 13:50 - 2009-07-14 05:13 - 000782518 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-07 13:50 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2018-02-07 13:46 - 2015-12-15 08:59 - 000000256 _____ C:\Windows\Tasks\GoldCurv354.job
2018-02-03 19:38 - 2016-11-17 18:40 - 000000000 ____D C:\Users\Brent\AppData\LocalLow\Mozilla
2018-02-03 13:22 - 2015-06-20 04:41 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 12:31 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-22 08:28 - 2009-07-14 05:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-14 09:50 - 2015-05-13 13:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-14 09:50 - 2015-05-13 13:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-14 09:50 - 2015-05-13 13:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-14 09:50 - 2015-05-13 13:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-14 09:50 - 2015-05-13 13:58 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-13 09:07 - 2015-11-23 16:09 - 000000000 ____D C:\Users\Brent\AppData\Local\SlimWare Utilities Inc
2018-01-11 09:44 - 2015-05-19 09:11 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 09:29 - 2017-10-14 10:12 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 09:29 - 2015-05-19 09:10 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2017-12-08 13:49 - 2017-12-08 13:49 - 000019658 _____ () C:\Users\Brent\AppData\Roaming\Gegem
2016-04-01 19:43 - 2016-04-01 19:43 - 000000004 _____ () C:\Users\Brent\AppData\Roaming\pllchannel.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 13:47
==================== End of FRST.txt ============================

Edited by mc303m, 07 February 2018 - 10:21 AM.


#6 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • OFFLINE
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:45 PM

Posted 07 February 2018 - 04:35 PM

Hi mc303m,

Let's run another fix using FRST.

We need to first create a fixlist for FRST to run.

  • Open Notepad and paste the text given below in the window.
    C:\Users\Brent\AppData\Roaming\Google\Chrome\User Data\Default\Extensions\hdnpalnihbhiafbnbpmflnidhljmgidj
    CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://www.google.com/","hxxp://search.socialdownloadr.com/?channel=scd5&pt2610=2&t=1A79ED6BB3940606"
    C:\Windows\Tasks\FierIsl73.job
    C:\Windows\Tasks\GoldCurv354.job
    C:\Users\Brent\AppData\Roaming\Gegem
    C:\Users\Brent\AppData\Local\SkillSton4
  • Click File -> Save, and a Save As dialog box should appear.
  • In the Save As dialog, browse to your desktop.
  • Type fixlist in the File Name box and ensure that Text Documents (*.txt) is selected in the Save As Type box.
  • Click Save.

Now we need to run the fixlist.

  • From your desktop, right click FRST and click Run as Administrator
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.
  • After the fix has been completed, FRST should create and open a file called Fixlog.txt in Notepad. Please copy and paste that file into your next reply.

Afterward, please generate one more FRST log as you have done before.
Additionally, please just give me an update on how your computer seems to be performing in comparison to how it was when you started this thread.

In your next reply, please include the following:

  • Fixlog.txt
  • FRST.txt
  • How is your PC performing?

sasschary



#7 mc303m

mc303m
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 08 February 2018 - 05:18 AM

Good morning, Zach,
Files as per request :)
Fix result of Farbar Recovery Scan Tool (x64) Version: 07.02.2018 01
Ran by Brent (08-02-2018 09:57:25) Run:3
Running from C:\Users\Brent\Desktop\files\new files
Loaded Profiles: Brent (Available Profiles: Brent)
Boot Mode: Normal
==============================================
fixlist content:
*****************
C:\Users\Brent\AppData\Roaming\Google\Chrome\User Data\Default\Extensions\hdnpalnihbhiafbnbpmflnidhljmgidj
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://www.google.com/","hxxp://search.socialdownloadr.com/?channel=scd5&pt2610=2&t=1A79ED6BB3940606"
C:\Windows\Tasks\FierIsl73.job
C:\Windows\Tasks\GoldCurv354.job
C:\Users\Brent\AppData\Roaming\Gegem
C:\Users\Brent\AppData\Local\SkillSton4
*****************
"C:\Users\Brent\AppData\Roaming\Google\Chrome\User Data\Default\Extensions\hdnpalnihbhiafbnbpmflnidhljmgidj" => not found
"Chrome StartupUrls" => removed successfully
C:\Windows\Tasks\FierIsl73.job => moved successfully
C:\Windows\Tasks\GoldCurv354.job => moved successfully
C:\Users\Brent\AppData\Roaming\Gegem => moved successfully
C:\Users\Brent\AppData\Local\SkillSton4 => moved successfully
==== End of Fixlog 09:57:26 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.02.2018 01
Ran by Brent (administrator) on BRENT-PC (08-02-2018 09:58:16)
Running from C:\Users\Brent\Desktop\files\new files
Loaded Profiles: Brent (Available Profiles: Brent)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2772264 2011-07-25] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-02-07] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\...\MountPoints2: {eb3797cc-3d93-11e5-af0b-78843ca2c14e} - E:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8327
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7646A576-FFE9-43B5-B88F-689BD7BB2398}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&t=1A79ED6BB3940606&pllc=ffai&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&t=1A79ED6BB3940606&pllc=ffai&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {F401A859-0EA8-4E7C-8B35-1736C9831FF0} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-07] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-07] (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
FireFox:
========
FF DefaultProfile: bt1cgh67.default-1517661401600
FF ProfilePath: C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bt1cgh67.default-1517661401600 [2018-02-07]
FF Extension: (Avast SafePrice) - C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bt1cgh67.default-1517661401600\Extensions\sp@avast.com.xpi [2018-02-07]
FF Extension: (Avast Online Security) - C:\Users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bt1cgh67.default-1517661401600\Extensions\wrc@avast.com.xpi [2018-02-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_15_48&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0D0B0FtCtCyD0D0AyEtCtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyByDzzyC0FtGyE0DyC0CtGtCtB0EzytGyEzzyCyDtGyByCtD0CyDyByEyCyEyEyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0AyD0EtD0CtBtGtCzz0EyBtGyEyCyBtBtGzztD0D0BtGzzzyyEzyzztC0ByEtC0EtB0F2QtN0A0LzuyE%26cr%3D1118670933%26a%3Dwncy_instlmtrx_15_48%26os%3DWindows%2B7%2BHome%2BPremium
CHR NewTab: Default ->  Not-active:"chrome-extension://hdnpalnihbhiafbnbpmflnidhljmgidj/newtab.html"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default [2018-02-08]
CHR Extension: (SearchLock) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2018-02-07]
CHR Extension: (Gads) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcemlekmbgfffaahnofbeagjkmnhhmjl [2016-06-27]
CHR Extension: (RandFind) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjhgfjkgmhenaliodchabfogbclbkbe [2016-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
CHR Extension: (Garbage Collector) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdmdicpdaccklohdjomliebdpeoocg [2016-10-06]
CHR HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-02-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-02-07] (AVAST Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-02-07] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-02-07] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-02-07] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-02-07] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-02-07] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-02-07] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-02-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-02-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-02-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-02-07] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-02-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-02-07] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-02-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-02-07] (AVAST Software)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2018-02-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-08 09:51 - 2018-02-08 09:51 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-07 14:31 - 2018-02-07 14:31 - 000000000 ____D C:\Users\Brent\AppData\Roaming\AVAST Software
2018-02-07 14:30 - 2018-02-07 14:30 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-07 14:30 - 2018-02-07 14:30 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-02-07 14:30 - 2018-02-07 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-02-07 14:30 - 2018-02-07 14:30 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-02-07 14:29 - 2018-02-07 14:30 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-02-07 14:29 - 2018-02-07 14:30 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-02-07 14:29 - 2018-02-07 14:29 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-02-07 14:29 - 2018-02-07 14:28 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-02-07 14:29 - 2018-02-07 14:28 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-02-07 14:29 - 2018-02-07 14:28 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-02-07 14:22 - 2018-02-07 14:22 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-07 14:21 - 2018-02-07 14:28 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-07 14:20 - 2018-02-07 14:20 - 007172032 _____ (AVAST Software) C:\Users\Brent\Desktop\avast_free_antivirus_setup_online.exe
2018-02-07 14:10 - 2018-02-07 14:16 - 000000000 ____D C:\Users\Brent\AppData\Local\Adobe
2018-02-03 19:26 - 2018-02-08 09:56 - 000000000 ____D C:\Users\Brent\Desktop\files
2018-02-03 19:22 - 2018-02-08 09:58 - 000000000 ____D C:\FRST
2018-02-03 13:22 - 2018-02-03 13:22 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-03 13:22 - 2018-02-03 13:22 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-03 13:18 - 2018-02-03 17:27 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 13:18 - 2018-02-03 17:27 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 13:16 - 2018-02-03 13:12 - 031758672 _____ (SUPERAntiSpyware) C:\Users\Brent\Desktop\SUPERAntiSpyware.exe
2018-02-03 13:16 - 2018-02-03 13:10 - 000050688 _____ (Atribune.org) C:\Users\Brent\Desktop\ATF-Cleaner.exe
2018-02-03 12:36 - 2018-02-03 12:36 - 000000000 ____D C:\Users\Brent\Desktop\Old Firefox Data
2018-02-03 12:30 - 2018-02-03 12:30 - 000000000 ____D C:\Users\Brent\AppData\Local\ElevatedDiagnostics
2018-02-03 09:32 - 2018-02-07 14:51 - 000000634 _____ C:\Users\Brent\Desktop\myuninst.cfg
2018-02-02 13:36 - 2018-02-02 13:36 - 000003152 _____ C:\Windows\System32\Tasks\{49FF717C-02F3-4987-A8A6-87DB1F38A58F}
2018-02-02 13:20 - 2018-02-03 09:04 - 000000000 ____D C:\Users\Brent\Desktop\myuninst
2018-02-02 13:19 - 2018-02-02 13:16 - 000049498 _____ C:\Users\Brent\Desktop\myuninst.zip
2018-02-02 12:43 - 2018-02-02 12:43 - 000002984 _____ C:\Windows\System32\Tasks\{E1F7DD2C-D9CC-4A77-98D7-48D3BC7FFCA8}
2018-02-02 12:42 - 2018-02-02 12:42 - 000002984 _____ C:\Windows\System32\Tasks\{B9D5B873-ABA0-4DDA-93AF-8BB3F5A2C976}
2018-02-02 12:06 - 2018-02-03 18:09 - 000136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-02-02 12:05 - 2018-02-02 12:05 - 000001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-02 12:05 - 2018-02-02 12:05 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-02-02 12:05 - 2015-04-14 09:37 - 000107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-02 12:05 - 2015-04-14 09:37 - 000063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2018-02-02 12:05 - 2015-04-14 09:37 - 000025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2018-02-02 12:03 - 2017-02-17 10:39 - 021546080 _____ (Malwarebytes Corporation ) C:\Users\Brent\Desktop\mbam-setup-consumer-2.1.6.1022.exe
2018-02-02 10:27 - 2018-02-03 14:10 - 000550096 _____ C:\Windows\ntbtlog.txt
2018-01-14 09:50 - 2018-01-14 09:50 - 005845504 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-08 09:51 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-07 15:28 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-07 15:28 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-07 15:13 - 2017-10-18 12:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-07 15:13 - 2015-05-13 14:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-07 15:05 - 2016-11-17 18:40 - 000000000 ____D C:\Users\Brent\AppData\LocalLow\Mozilla
2018-02-07 15:04 - 2015-05-13 14:19 - 000000000 ____D C:\Users\Brent\AppData\Roaming\Mozilla
2018-02-07 13:55 - 2016-01-31 18:04 - 000000008 __RSH C:\Users\Brent\ntuser.pol
2018-02-07 13:55 - 2015-05-13 11:51 - 000000000 ____D C:\Users\Brent
2018-02-07 13:53 - 2017-12-07 17:36 - 000000000 ____D C:\Windows\3fad85919dd74a49b118aa3a8decb5ec
2018-02-07 13:53 - 2009-07-14 03:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-02-07 13:53 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-07 13:50 - 2009-07-14 05:13 - 000782518 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-07 13:50 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2018-02-03 13:22 - 2015-06-20 04:41 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 12:31 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-22 08:28 - 2009-07-14 05:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-14 09:50 - 2015-05-13 13:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-14 09:50 - 2015-05-13 13:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-14 09:50 - 2015-05-13 13:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-14 09:50 - 2015-05-13 13:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-14 09:50 - 2015-05-13 13:58 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-13 09:07 - 2015-11-23 16:09 - 000000000 ____D C:\Users\Brent\AppData\Local\SlimWare Utilities Inc
2018-01-11 09:44 - 2015-05-19 09:11 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 09:29 - 2017-10-14 10:12 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 09:29 - 2015-05-19 09:10 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2016-04-01 19:43 - 2016-04-01 19:43 - 000000004 _____ () C:\Users\Brent\AppData\Roaming\pllchannel.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 13:47
==================== End of FRST.txt ============================
It's not my PC so I can't really judge its speed; however, it's only running on an AMD dual core so I don't expect it to "fly". Three separate browsers can access the internet and also stream video, so I presume it is working OK considering its spec!
Thank you so much, Zach; your assistance and skills have been priceless :)
Regards

Richard :)

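An added triage script follows; it is not part of this thread and not FRST code. It reads FRST.txt lines like the ones posted above and flags the entries a helper would normally act on. Two things in the second scan are worth pointing out before the script. First, the Internet section still shows ProxyEnable set with ProxyServer = 127.0.0.1:8327 under the .DEFAULT hive. An enabled proxy on a loopback port sits between the browser and every site, and a local proxy that re-signs HTTPS traffic produces exactly the "your connection is not secure" warning described in the first post, so it belongs on the list of things to check. Second, the Fixlog reports the Roaming Chrome extension path as "not found", while the scan lists the profile under AppData\Local\Google\Chrome\User Data\Default, which is where the remaining extensions (SearchLock, Gads, RandFind, Garbage Collector) are recorded. The sample lines in the script are copied or abridged from the logs above; the list of known search hosts, the Chrome component extension IDs and the "random name" scheduled-task pattern are my assumptions, not anything FRST defines.

```python
"""Triage an FRST.txt scan for the hijack indicators seen in this thread.
Added example: not part of the forum post, not FRST code.  Sample lines are
copied or abridged from the logs above; the known-host list, the Chrome
component extension IDs and the random-name task pattern are assumptions."""
import re
from urllib.parse import urlparse

# Assumption: search hosts a user would set on purpose.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Assumption: Chrome's own component extensions, IDs as listed in the scan.
KNOWN_CHROME_COMPONENTS = {
    "nmmhkkegccagdldgiimedpiccmgmieda",  # Chrome Web Store Payments
    "pkedcjkdefgpdelpbcmbmeomcjbeemfm",  # Chrome Media Router
}
# Assumption: two capitalised fragments plus digits, like FierIsl73 / GoldCurv354.
RANDOM_JOB = re.compile(r"^[A-Z][a-z]{2,6}[A-Z][a-z]{2,6}\d{1,3}\.job$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: lines lifted from the FRST.txt posted above (URLs abridged).
SAMPLE_LOG = """\
HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8327
Tcpip\\Parameters: [DhcpNameServer] 192.168.1.1
SearchScopes: HKU\\S-1-5-21-3884677075-2059318211-2604563176-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&q={searchTerms}
SearchScopes: HKU\\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {F401A859-0EA8-4E7C-8B35-1736C9831FF0} URL = hxxps://www.google.com/search?q={searchTerms}
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003
CHR Extension: (SearchLock) - C:\\Users\\Brent\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\madakpajlmcpaodhfbekojajlhbdklol [2018-02-07]
CHR Extension: (Chrome Media Router) - C:\\Users\\Brent\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
2018-02-07 14:05 - 2015-12-15 08:59 - 000000258 _____ C:\\Windows\\Tasks\\FierIsl73.job
2018-02-07 13:46 - 2015-12-15 08:59 - 000000256 _____ C:\\Windows\\Tasks\\GoldCurv354.job
2018-02-03 13:18 - 2018-02-07 13:46 - 000000510 _____ C:\\Windows\\Tasks\\SUPERAntiSpyware Scheduled Task 6bde9c93-5f8c-4630-b561-c9f9a89db1c9.job
"""


def host_of(defanged_url):
    """FRST writes hxxp:// for safety; restore the scheme only to parse the host."""
    fixed = re.sub(r"^hxxp", "http", defanged_url.strip(), flags=re.I)
    return urlparse(fixed).hostname or ""


def triage(log_text):
    """Return (indicator, detail) pairs in log order."""
    findings, proxy_enabled = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("ProxyEnable:") and "enabled" in line.lower():
            proxy_enabled = True
        elif line.startswith("ProxyServer:"):
            server = line.split("=>", 1)[1].strip()
            # A proxy on a loopback port sits between the browser and every site;
            # if it re-signs HTTPS, the browser shows a certificate warning.
            if proxy_enabled and server.rsplit(":", 1)[0] in LOOPBACK:
                findings.append(("local-proxy", server))
        elif "Windows Defender: Restriction" in line:
            findings.append(("defender-policy", line.split(":", 1)[0]))
        elif line.startswith("SearchScopes:") and "URL =" in line:
            host = host_of(line.split("URL =", 1)[1])
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("search-hijack", host))
        elif line.startswith("CHR HomePage:"):
            host = host_of(line.split("->", 1)[1])
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("homepage-changed", host))
        elif line.startswith("CHR Extension:"):
            ext = re.search(r"\\Extensions\\([a-p]{32})", line)  # Chrome IDs use a-p only
            if ext and ext.group(1) not in KNOWN_CHROME_COMPONENTS:
                name = re.search(r"\((.*?)\)", line).group(1)
                findings.append(("unknown-extension", f"{name} {ext.group(1)}"))
        elif line.endswith(".job") and "\\Windows\\Tasks\\" in line:
            job = line.rsplit("\\", 1)[1]  # legacy Task Scheduler 1.0 job file
            if RANDOM_JOB.match(job):
                findings.append(("random-job-task", job))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:18} {detail}")
```

Run it against a saved FRST.txt by passing the file contents to triage(); on the sample above it reports the Defender policy restriction, the loopback proxy, the socialdownloadr search scope, the Yahoo affiliate home page, the SearchLock extension and the two randomly named .job tasks, and leaves the Google scope, the Chrome Media Router component and the SUPERAntiSpyware task alone. The proxy check deliberately requires ProxyEnable to be set, since a stale ProxyServer value with the proxy disabled does not intercept anything.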


#8 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • OFFLINE
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:45 PM

Posted 08 February 2018 - 11:29 AM

Hi mc303m,

You are very welcome. I have a couple more things to clean up, but I think we should be nearly done.

Let's run a fix using FRST.

We need to first create a fixlist for FRST to run.

  • Open Notepad and paste the text given below in the window.
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&t=1A79ED6BB3940606&pllc=ffai&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&t=1A79ED6BB3940606&pllc=ffai&q={searchTerms}
    
  • Click File -> Save, and a Save As dialog box should appear.
  • In the Save As dialog, browse to the location where FRST is saved.
  • Type fixlist in the File Name box and ensure that Text Documents (*.txt) is selected in the Save As Type box.
  • Click Save.

Now we need to run the fixlist.

  • From your desktop, right click FRST and click Run as Administrator
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.
  • After the fix has been completed, FRST should create and open a file called Fixlog.txt in Notepad. Please copy and paste that file into your next reply.

Let's run a scan using ESET's Online Scanner

  • Disable your current antivirus software. If you need help with this, please ask me for assistance before continuing.
  • Click Scan Now from here and save the file to your desktop.
  • On your desktop, right click the ESET file you just downloaded and click Run as Administrator.
  • If a User Account Control dialog box opens, click Yes to allow ESET to run.
  • When the scanner opens, click Accept.
  • Click the radio button next to Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • In the advanced settings section, make sure the following settings are checked and that all others are unchecked.
    • Enable detection of potentially unsafe applications
    • Scan archives
    • Enable Anti-Stealth technology
    • Clean threats automatically
  • Click Scan.
  • Allow the scan to run. After it has completed, if any threats are found, click List Found Threats. If no threats are found, click Finish and skip to step number 14.
  • Click Export.
  • Save the file on your desktop as ESETScan.txt.
  • Click Back and then Finish to close the scanner.
  • Finally, re-enable your antivirus. I can help with this if you need it.

If there were any threats, the log we saved from ESET should be on your desktop. Please open it, then copy and paste the contents into your next reply.

In your next reply, please include the following:

  • Fixlog.txt
  • ESETScan.txt

sasschary



#9 mc303m

mc303m
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 08 February 2018 - 03:22 PM

Hi Zach, as requested :)

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07.02.2018 01
Ran by Brent (08-02-2018 16:44:03) Run:4
Running from E:\new files
Loaded Profiles: Brent (Available Profiles: Brent)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&t=1A79ED6BB3940606&pllc=ffai&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3884677075-2059318211-2604563176-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.socialdownloadr.com/search.php?channel=scd4pll2&t=1A79ED6BB3940606&pllc=ffai&q={searchTerms}
*****************
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3884677075-2059318211-2604563176-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found
==== End of Fixlog 16:44:08 ====

 

 

C:\FRST\Quarantine\C\Users\Brent\AppData\Roaming\Gegem.xBAD VBS/Kryptik.DY trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\Brent\AppData\Roaming\_temp.exe.xBAD a variant of MSIL/Adware.MyBeeSearch.F application cleaned by deleting
C:\FRST\Quarantine\C\Users\Brent\AppData\Roaming\input\winsrcsrv_1.exe a variant of MSIL/Adware.MyBeeSearch.F application cleaned by deleting
C:\FRST\Quarantine\C\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec.exe.xBAD a variant of MSIL/Adware.MyBeeSearch.D application cleaned by deleting
C:\Program Files\Adobe\Photoshop Elements 13\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting
C:\Users\Brent\AppData\Local\Downloaded Installers\{055C7DA5-A1F5-41FB-932C-82474ED3487A}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdmdicpdaccklohdjomliebdpeoocg\2.0.1_0\ccd16.js JS/Agent.NSX trojan cleaned by deleting
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\2511-i-tonya[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\734-kidnap-capital[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\ill%20at%20ease[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\i[3].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\xti[3].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\xti[4].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0BUA1SFI\xti[5].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0Z8RJJ2E\click[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0Z8RJJ2E\player[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1P03JU9C\1IHR0V8F.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1P03JU9C\2525-non-transferable[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1P03JU9C\292358331384[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1P03JU9C\search[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RWRJJC1\723[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RWRJJC1\723[2].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RWRJJC1\motors[2].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RWRJJC1\search[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\2106-the-show[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\coinhive.min[1].js JS/CoinMiner.D potentially unwanted application cleaned by deleting
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\msie2[1].htm HTML/FakeAlert.MR trojan cleaned by deleting
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\sync[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\wvnNWBvQ-wheeler-dealers-season-14[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\xtiAYHMINC2.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\xtiDHR72STT.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\xti[10].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJ85XUZA\2630-godzilla-monster-planet[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJ85XUZA\723[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJ85XUZA\723[2].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BJ85XUZA\click[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GD7TXY1E\152873920367[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GD7TXY1E\9MIH11AV.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GD7TXY1E\releases-3[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GD7TXY1E\search[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSAZK6U1\0[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSAZK6U1\723[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSAZK6U1\pd[6].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSAZK6U1\pd[7].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSAZK6U1\sync[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J4SL87H9\2513-three-billboards-outside-ebbing-missouri[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J4SL87H9\IG5K69D3.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J4SL87H9\i[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J4SL87H9\pr[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J4SL87H9\xti[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZGXFP1R\2433-hampstead[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZGXFP1R\sh.d663e43787b663d5491cf753[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZGXFP1R\xti[8].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M07CJ1OB\2370-blood-money[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M07CJ1OB\show[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M07CJ1OB\sports[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M07CJ1OB\thesun[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\173078321238[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\33298[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\bedroom-colour-schemes-89813[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\ws[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\xti[5].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\xti[6].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\xti[7].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OBES0V8G\YI1PLJKV.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYTAMMZU\723[2].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYTAMMZU\cryptonight-asmjs.min[1].js JS/CoinMiner.F potentially unwanted application cleaned by deleting
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYTAMMZU\xti[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYTAMMZU\xti[2].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYTAMMZU\xti[4].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RCTYG33J\33298[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RCTYG33J\msie2[1].htm HTML/FakeAlert.MR trojan cleaned by deleting
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RCTYG33J\WJS7I2D0.htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\263456856836[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\container[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\container[2].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\i[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[3].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[4].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[5].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[6].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[7].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[8].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[9].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZXPF9EB\292356226537[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZXPF9EB\cryptonight-asmjs.min[1].js JS/CoinMiner.F potentially unwanted application cleaned by deleting
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZXPF9EB\i[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZXPF9EB\load[1].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZXPF9EB\pd[3].htm HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Mozilla\Firefox\Profiles\bt1cgh67.default-1517661401600\cache2\entries\2B449F348C5585D80D985143B662F3A9FD191F4D HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Opera Software\Opera Stable\Cache\f_000003 HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Opera Software\Opera Stable\Cache\f_000004 HTML/ScrInject.B trojan deleted
C:\Users\Brent\AppData\Local\Opera Software\Opera Stable\Cache\f_000005 HTML/ScrInject.B trojan deleted
C:\Users\Brent\Downloads\flashplayer_setup.exe a variant of MSIL/TrojanDropper.Addrop.B trojan cleaned by deleting
C:\Users\Public\Documents\Downloaded Installers\{EE6EFB90-09F2-4589-92FE-8B644AA35390}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
C:\Windows\3fad85919dd74a49b118aa3a8decb5ec\3fad85919dd74a49b118aa3a8decb5ec_1.exe a variant of MSIL/Adware.MyBeeSearch.F application cleaned by deleting
 



Edited by mc303m, 08 February 2018 - 03:23 PM.
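The ESET log above lists close to a hundred detections, but most are cached copies of pages the browsers fetched (the ScrInject and CoinMiner hits under Temporary Internet Files and the Firefox/Opera caches), while a handful are executables, a dropper in Downloads and a Chrome extension that actually ran. The following Python script is an added example, not part of this thread and not ESET's own code: it parses lines in the format the Online Scanner exports, buckets each hit by where it sat on disk, and separates inert cache residue from items that point to an active infection. The sample lines are taken from the log above; the location buckets and their names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One ESET Online Scanner result line looks like:
#   <path> [a variant of ]<Family/Name.Variant> <kind> <action>
# The Windows path may contain spaces, so the "Family/Name" token is used to find
# where the path ends: a Windows path never contains a forward slash.
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
    r"(?P<sig>[A-Za-z0-9]+/[A-Za-z0-9.]+)\s+"
    r"(?P<kind>trojan|application|potentially unwanted application|"
    r"potentially unsafe application)\s+"
    r"(?P<action>deleted|cleaned by deleting)$"
)


@dataclass
class Detection:
    path: str
    signature: str   # e.g. "HTML/ScrInject.B"
    kind: str        # ESET's classification words
    action: str
    location: str    # bucket assigned by classify_location (my own naming)


def classify_location(path: str) -> str:
    """Bucket a path by what finding malware there means for the clean-up."""
    p = path.lower()
    if p.startswith("c:\\frst\\quarantine\\"):
        return "quarantine"         # already neutralised by the earlier FRST fix
    if ("\\temporary internet files\\" in p or "\\cache2\\entries\\" in p
            or "\\cache\\f_" in p):
        return "browser_cache"      # cached pages/scripts; inert once the tab is closed
    if "\\extensions\\" in p:
        return "browser_extension"  # code that runs in every browsing session
    if "\\downloads\\" in p or "\\downloaded installers\\" in p:
        return "download"           # installer the user fetched and probably ran
    return "installed"              # anything else on disk (Program Files, Roaming, Windows)


def parse_eset_line(line: str) -> Optional[Detection]:
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(m["path"], m["sig"], m["kind"], m["action"],
                     classify_location(m["path"]))


def summarize(lines):
    """Return (hits per location, hits per signature family, hits that need follow-up)."""
    dets = [d for d in map(parse_eset_line, lines) if d]
    by_loc = Counter(d.location for d in dets)
    by_family = Counter(d.signature.split(".")[0] for d in dets)  # "HTML/ScrInject.B" -> "HTML/ScrInject"
    # Cache residue and quarantined files are cleanup noise; the items that indicate
    # code actually executed on the machine are extensions, downloads and installed files.
    active = [d for d in dets if d.location in ("browser_extension", "download", "installed")]
    return by_loc, by_family, active


# Sample lines copied from the ESET log posted in this thread.
SAMPLE_LOG = [
    r"C:\FRST\Quarantine\C\Users\Brent\AppData\Roaming\Gegem.xBAD VBS/Kryptik.DY trojan cleaned by deleting",
    r"C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdmdicpdaccklohdjomliebdpeoocg\2.0.1_0\ccd16.js JS/Agent.NSX trojan cleaned by deleting",
    r"C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\coinhive.min[1].js JS/CoinMiner.D potentially unwanted application cleaned by deleting",
    r"C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4H9XCHF7\msie2[1].htm HTML/FakeAlert.MR trojan cleaned by deleting",
    r"C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2PQ0H61\xti[3].htm HTML/ScrInject.B trojan deleted",
    r"C:\Users\Brent\AppData\Local\Opera Software\Opera Stable\Cache\f_000003 HTML/ScrInject.B trojan deleted",
    r"C:\Users\Brent\Downloads\flashplayer_setup.exe a variant of MSIL/TrojanDropper.Addrop.B trojan cleaned by deleting",
    r"C:\Program Files\Adobe\Photoshop Elements 13\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting",
]

if __name__ == "__main__":
    by_loc, by_family, active = summarize(SAMPLE_LOG)
    print("hits per location:", dict(by_loc))
    print("hits per family:", dict(by_family))
    for d in active:
        print("follow up:", d.location, d.signature, d.path)
```

Running it on the full log posted above gives the same picture as the helper's conclusion: nearly everything is browser cache, and the few "follow up" entries are the items the FRST fix and ESET removed from disk.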


#10 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:45 PM

Posted 08 February 2018 - 04:50 PM

Hi mc303m,

Let's clean up some of the tools which we've run on your computer.

  • Please download Delfix from here and save it to your desktop.
  • On your desktop, right click on Delfix and click Run as Administrator.
  • If a User Account Control dialog box opens, click Yes to allow Delfix to run.
  • When Delfix opens, ensure there are checkmarks by the following and that the other boxes are blank:
    • Remove disinfection tools
  • Click Run.
  • After the cleanup process is complete, Delfix should open a log file. Please copy and paste that into your next reply.

It looks like your computer is clean!

Before we close this topic, please read through this last bit of information. Reading through it and following what I'm saying will help prevent you from getting infected again in the future. Since this is someone else's computer, this information is important not only for you, but also for them. As such, please have the computer's owner also read this information.

Anti-Virus Software

Perhaps the most important thing to keep infections off your machine is anti-virus software. Anti-virus software scans your system regularly for any viruses, and if it finds anything, it will notify you and remove the infection. I'm sure this sounds like a good thing to you, and now you want to go get every antivirus that's out there! However, you should really only get one. If you get multiple, then there is a high risk of conflict between the two. To avoid anything like that, please only download one antivirus software. In addition, you should ensure that your anti-virus software is always updated. Using an outdated version could lead to more recent infections getting around your software.

There are many different anti-virus programs out there. I personally use Avast!, which has both a paid and free version. The free version has worked quite well for me, and I'm sure it would for you, as well. However, there are also other software available, such as Kaspersky, BitDefender, and ESET.

Backups

In case something goes wrong with your system, you want some way to restore it back to how it was before the problem appeared. Thus, you should make regular backups of your system. This includes both system files, in case you get infected again, as well as your personal files, lest you lose everything in the case of a hard drive failure or a ransomware infection.

Program and Windows Updates

Very much like your anti-virus software, Windows and 3rd party software will have updates every so often. To avoid falling prey to programs which may use exploits in this software, you should install any updates to them when they become available.

P2P Programs and Illegal Media

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these areas very large targets for malware authors, they are also what they say in the name: illegal.

Once again, your system is now all clean! Do you have any questions for me concerning keeping your system clean?

In your next reply, please include the following:

  • Delfix.txt

sasschary



#11 mc303m

mc303m
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 08 February 2018 - 05:08 PM

Hi Zach, As requested.

 

 

# DelFix v1.013 - Logfile created 08/02/2018 at 21:59:28
# Updated 17/04/2016 by Xplode
# Username : Brent - BRENT-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
########## - EOF - ##########
 
Thank you so much for sharing your valuable time and knowledge with me, it is truly appreciated. Top Man.
 
Regards, Richard :)


#12 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:45 PM

Posted 08 February 2018 - 05:09 PM

You're welcome, I am very glad to be of assistance!



#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:45 AM

Posted 12 February 2018 - 01:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
