
Malicious software possibly slowing down pc



#1 sajagin


Posted 13 July 2018 - 09:57 AM

Hi,

As described in the previous topic, I would like to make sure that my network is clean, and that any dangers that could eventually have infected the Win10 machine from the Win8.1 machine are removed.

Both files from the FRST tool I have uploaded below. The mbar-1.10.3.1001 did not find anything. Neither did AdwCleaner.

Thanks a lot again!!



#2 nasdaq


  • Malware Response Team

Posted 14 July 2018 - 07:14 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1082420975-2923102236-1907400581-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll => No File
BHO: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll No File
S3 HPSLPSVC; C:\Users\Daniel\AppData\Local\Temp\7zS5F10\hpslpsvc32.dll [X] <==== ATTENTION

CustomCLSID: HKU\S-1-5-21-1082420975-2923102236-1907400581-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
Task: {82FD48AD-E890-4604-A287-E051F7D2AD5B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-07-09] ()
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [406]
C:\Windows\AutoKMS
C:\ProgramData\ntuser.pol

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#3 sajagin


Posted 15 July 2018 - 09:48 AM

Hi nasdaq,

All done. The file I have attached down below. There were again lots of things to be removed. I guess the PCs will perform better now.

The same I would like to ask you like in the previous topic, as I am not so far with the system background to work with the FRST tool, is, if I can use the tool to delete at least the temp files on any machines, without a fixlist.log file. It did a great job, as I could see, and made some room on both drives, while deleting lots of junk I guess. But if you say not to use it without the log, I won't.

Thanks a lot again and friendly regards!

 




#4 nasdaq


  • Malware Response Team

Posted 16 July 2018 - 05:58 AM



You can run the following Fix on all computers.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). No need to post the logs.
===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
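
Added example, not part of the original thread or of FRST itself: a small Python reviewer that separates the bare directives in a fixlist from entries copied out of one machine's scan log, which is the difference between the fix in post #2 and the one post #4 says can be run on all computers. Treating a bare `Keyword:` line as a directive is an assumption drawn from the two fixlists shown here, not FRST's documented grammar; the function names are hypothetical.

```python
import re

# Abridged copies of the two fixlists posted in this thread (#2 and #4).
MACHINE_FIX = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-1082420975-2923102236-1907400581-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Task: {82FD48AD-E890-4604-A287-E051F7D2AD5B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-07-09] ()
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [406]
C:\Windows\AutoKMS
End"""
GENERIC_FIX = """start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
End"""

# Assumption: a bare "Keyword:" line with no arguments is a directive.
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")
# Things that tie an entry to one machine's scan log.
MARKERS = [
    ("sid", re.compile(r"S-1-5-21(?:-\d+){4}")),
    ("guid", re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")),
    ("path", re.compile(r'[A-Za-z]:\\[^\s"<>|]+')),
]

def review_fixlist(text):
    """Split a fixlist into (directives, machine-specific entries)."""
    directives, specific = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue  # blank lines and the Start/End markers
        if DIRECTIVE.match(line):
            directives.append(line[:-1])
            continue
        # Anything else was copied from a scan log; record why it is specific.
        reasons = [name for name, rx in MARKERS if rx.search(line)]
        specific.append((line, reasons or ["unclassified"]))
    return directives, specific

def is_portable(text):
    """True only if the fixlist holds directives and nothing else."""
    return not review_fixlist(text)[1]

if __name__ == "__main__":
    for name, fix in (("post #2", MACHINE_FIX), ("post #4", GENERIC_FIX)):
        print(name, "portable:", is_portable(fix))
        for line, reasons in review_fixlist(fix)[1]:
            print("  ", ",".join(reasons), "|", line)
```

A fixlist that fails `is_portable` names accounts, GUIDs or paths from one specific scan and should only be run on the machine that produced that scan.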



