Everything posted by Sequoia33
MB Threat scan was the first and last scan in the sequence while I was in panic mode. Here is the final scan (below). The only scan that detected anything at all, other than FRST64, was ComboFix, which removed many MBs of files.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/25/18
Scan Time: 5:13 PM
Log File: 95e753b6-6079-11e8-9441-0025b3c889fc.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.5252
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: workhorse-PC\work horse

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 229491
Threats Detected: 0 (No malicious items detected)
Threats Quarantined: 0 (No malicious items detected)
Time Elapsed: 7 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)

(end)

In the original post I had to delete the FRST64 logs as they opened in MY DOCUMENTS.
They should be OK now: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01 Ran by work horse (administrator) on WORKHORSE-PC (25-05-2018 16:16:20) Running from C:\Users\work horse\Desktop Loaded Profiles: work horse (Available Profiles: work horse) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe ( ) C:\Windows\System32\lxeccoms.exe (Microsoft Corporation) C:\Windows\System32\snmptrap.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-14] (AVAST Software) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoInstrumentation] 0 HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: 
[NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [HideSCABattery] 1 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [HideSCAVolume] 1 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: 
[NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 GroupPolicy\User: Restriction ? <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{A30157EC-C570-4269-AD57-EC49495A2400}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{B6C16AFE-B8F4-4385-AA18-0F1E73AC3B4B}: [DhcpNameServer] 192.168.224.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2561101334-532984164-2244958137-1000 -> DefaultScope {D961C8E7-BDBC-4C26-87A6-D820A2D6FE0D} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2561101334-532984164-2244958137-1000 -> {D961C8E7-BDBC-4C26-87A6-D820A2D6FE0D} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.) 
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.) FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-08-11] (Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-08-11] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-11] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-11] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2561101334-532984164-2244958137-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-11] (Tracker Software Products (Canada) Ltd.) 
Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default [2018-05-25] CHR Extension: (Google Drive) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-29] CHR Extension: (YouTube) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-29] CHR Extension: (Avira Browser Safety) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-05-25] CHR Extension: (Webroot Filtering Extension) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-05-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-29] CHR Extension: (Chrome Media Router) - C:\Users\work horse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-17] CHR Profile: C:\Users\work horse\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-25] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-14] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-14] (AVAST Software) R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( ) R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 1999-12-31] ((Standard mouse types)) [File not signed] S3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 1999-12-31] ((Standard mouse types)) [File not signed] S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 1999-12-31] (A4Tech Co.,Ltd.) 
[File not signed] R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-14] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-05] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-05] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-05] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-05] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-14] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-14] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-14] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-14] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-14] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-14] (AVAST Software) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] () R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-29] (REALiX(tm)) R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-05-25] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-05-25] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-05-25] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-25] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-05-25] (Malwarebytes) S4 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Realtek Semiconductor Corporation ) [File not signed] S3 semav6msr64; 
C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] () U1 aswbdisk; no ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X] S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X] U0 SR; no ImagePath U2 srservice; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-25 16:16 - 2018-05-25 16:17 - 000018435 _____ C:\Users\work horse\Desktop\FRST.txt 2018-05-25 16:00 - 2018-05-25 16:00 - 000002224 _____ C:\Users\work horse\Desktop\GOOGLE.lnk 2018-05-25 15:56 - 2018-05-25 15:56 - 000019260 _____ C:\Users\work horse\Documents\ComboFixScan.txt 2018-05-25 15:41 - 2018-05-25 15:41 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-05-25 15:35 - 2018-05-25 15:35 - 000019260 _____ C:\ComboFix.txt 2018-05-25 15:24 - 2018-05-25 15:41 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-05-25 15:24 - 2018-05-25 15:41 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-05-25 15:24 - 2018-05-25 15:41 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-05-25 15:24 - 2018-05-25 15:24 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-05-25 15:14 - 2018-05-25 15:35 - 000000000 ____D C:\ComboFix 2018-05-25 15:11 - 2018-05-25 15:58 - 000000000 ____D C:\Qoobox 2018-05-25 14:54 - 2018-05-25 14:58 - 000000000 ____D C:\AdwCleaner 2018-05-25 11:53 - 2018-05-25 16:16 - 000000000 ____D C:\FRST 2018-05-25 11:52 - 2018-05-25 11:52 - 002413056 _____ (Farbar) C:\Users\work horse\Desktop\FRST64.exe 2018-05-24 07:50 - 2018-05-24 08:23 - 
000000000 ____D C:\ProgramData\RogueKiller 2018-05-14 16:19 - 2018-05-14 16:19 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-05-13 19:34 - 2018-05-13 19:34 - 000002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-25 16:01 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf 2018-05-25 15:49 - 2017-10-16 19:40 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-05-25 15:40 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-05-25 15:25 - 2009-07-13 19:34 - 000000215 _____ C:\Windows\system.ini 2018-05-24 07:51 - 2017-10-09 12:40 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-05-17 09:45 - 2014-06-18 16:43 - 000000000 ____D C:\ProgramData\Lx_cats 2018-05-16 18:31 - 2017-11-15 20:25 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-05-16 18:31 - 2017-11-15 20:25 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d2d48e95e5d717 2018-05-15 11:35 - 2016-09-08 22:47 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-05-14 16:19 - 2017-11-09 15:40 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000085968 _____ (AVAST 
Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-05-14 16:19 - 2017-10-17 07:53 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-05-14 16:18 - 2017-10-17 07:53 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-05-13 19:33 - 2014-03-16 20:05 - 000000000 ____D C:\Program Files\Google 2018-05-13 19:33 - 2014-03-16 11:59 - 000000000 ____D C:\Program Files (x86)\Google 2018-05-08 11:53 - 2018-04-05 12:46 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-05-08 11:53 - 2017-10-11 18:35 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-05-08 11:53 - 2017-10-11 18:35 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-05-08 11:53 - 2017-10-11 18:35 - 000004494 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-05-08 11:53 - 2014-03-11 08:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-05-08 11:53 - 2014-03-11 08:16 - 000000000 ____D C:\Windows\system32\Macromed 2018-04-28 15:07 - 2017-10-23 11:22 - 000000000 ____D C:\Users\work horse\Documents\Letters ==================== Files in the root of some directories ======= 2014-03-23 09:43 - 2014-03-23 09:43 - 000019634 _____ () C:\Users\work horse\AppData\Roaming\UserTile.png 2014-03-14 18:34 - 2018-02-12 19:38 - 000007628 _____ () C:\Users\work horse\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-18 20:10 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01 Ran by work horse (25-05-2018 13:55:47) Running from C:\Users\work horse\Desktop Windows 7 Professional Service Pack 1 (X64) (2014-02-18 01:00:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2561101334-532984164-2244958137-500 - Administrator - Disabled) Guest (S-1-5-21-2561101334-532984164-2244958137-501 - Limited - Disabled) work horse (S-1-5-21-2561101334-532984164-2244958137-1000 - Administrator - Enabled) => C:\Users\work horse ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated) Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.) Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel) Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.) 
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.7 - Tracker Software Products Ltd) Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) Wager Pro (HKLM-x32\...\{26462BEE-27A8-CE72-C1BC-A017F4FEAE1D}) (Version: 1.7.5 - Churchill Downs Technology Initiatives Company) Hidden Wager Pro (HKLM-x32\...\com.twinspires.tspro.air) (Version: v1.7.5 - Churchill Downs Technology Initiatives Company) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-14] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-14] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-14] (AVAST Software) ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-14] (AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation) ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-14] (AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes) FolderExtensions: [] -> {F6BF8414-962C-40FE-90F1-B80A7E72DB9A} => ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {1CB05AD6-2A21-403F-BFAD-54391BDE67FD} - System32\Tasks\{DC0A6FDC-2BD9-4A29-8AF5-0A0BA1369456} => C:\Program Files (x86)\Auslogics\Disk Defrag\DiskDefrag.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3BE4993A-ADAB-4957-ABBF-E2ED3C5DCC0F} - System32\Tasks\Microsoft\Windows\PLA\System\{DB159C10-80D2-4C41-B78A-C6E2D8D1931D}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {3BE4993A-ADAB-4957-ABBF-E2ED3C5DCC0F} - System32\Tasks\Microsoft\Windows\PLA\System\{DB159C10-80D2-4C41-B78A-C6E2D8D1931D}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{DB159C10-80D2-4C41-B78A-C6E2D8D1931D}_System Diagnostics"
Task: {61C0BA83-EB2F-4882-81FD-B00CF00DE39C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {6B4538C8-A0E4-4E0E-B705-13AC07FBA5CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.)
Task: {6E9B310F-3DD0-4603-A5B3-66237226F163} - System32\Tasks\GoogleUpdateTaskMachineCore1d2d48e95e5d717 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.)
Task: {7AB4AD87-7B58-42DB-884E-5466EFC61082} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {8F79663D-8EA9-4D8A-BCA2-65BDF14414E0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-14] (AVAST Software)
Task: {990B5B49-782F-418A-99AD-FE09185D4EFA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B398302D-644A-42C3-AAB0-E4A2F1DDDB42} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {BC986259-CE13-47DA-846B-3787BD1DE975} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {C72AACB7-65CE-41A3-ABB0-098AFC4ED820} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2017-08-11] (Tracker Software Products (Canada) Ltd.)
Task: {CB0C844C-3FA0-4901-838F-38D58B66A7CD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d20a5d78704667.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-06-18 16:32 - 2009-11-04 13:18 - 000189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2017-06-13 07:07 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-06-13 07:07 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 000736984 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 001069784 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 000598232 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-25 11:20 - 2018-05-25 11:20 - 005786256 _____ () C:\Program Files\AVAST Software\Avast\defs\18052504\algo.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-14 16:19 - 2018-05-14 16:19 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-14 16:18 - 2018-05-14 16:18 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-05 08:45 - 2018-03-05 08:45 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Classes\exefile: "%1" %* <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\ed.gov -> hxxps://www.myeddebt.ed.gov
IE trusted site: HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\google.com -> hxxps://www.google.com
IE trusted site: HKU\S-1-5-21-2561101334-532984164-2244958137-1000\...\live.com -> hxxps://bay169.mail.live.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2017-09-28 09:57 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2561101334-532984164-2244958137-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AviraUpdaterService => 2
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: lxecmon.exe => "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6BC4DFA7-D1F5-453D-8812-7493FD37F012}] => (Block) LPort=445
FirewallRules: [{AF8AA981-B00E-4121-8D75-D33D39C92191}] => (Block) LPort=445
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{104722FA-6143-4137-B407-CDDE08FA05FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-05-2018 18:47:13 mmm
==================== Faulty Device Manager Devices =============
Name: Compatible Mouse Filter Driver
Description: Compatible Mouse Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Amfilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 26%
Total physical RAM: 4015.3 MB
Available physical RAM: 2942.26 MB
Total Virtual: 8028.48 MB
Available Virtual: 7049.18 MB
==================== Drives ================================
Drive ? () (Fixed) (Total:149.05 GB) (Free:122.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 3B2B3B2B)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST_25-05-2018 16.18.58.txt
-
My security was turned off and I could not re-start it. I was unable to go on-line. My Chrome icon disappeared. So, I scanned with:
Malwarebytes
Avast
ADWCleaner
Junkware Removal Tool
TDSSKiller
Rogue Killer
ComboFix
FRST64
-
Hi Ron, Thanks for the explanation, and also for the link. I have a better understanding now of how difficult it is to clean up an infected machine. Hope things turned out well for your wife. Thanks again. S33
-
Hi Ron, On the second pass with RK, Tr.ROSENA was successfully removed. A final scan came up clean. Was surprised that MB (and Avira) scans did not detect these bad actors.
-
Hi Ron, My machine seemed to be working fine this past week, except for one odd behavior: when I first sign on and click on Google, there is about a 7-second delay, as if I am being redirected. So I ran Rogue Killer, and it discovered the ANGLER exploit kit, and also Tr.ROSENA. (Notice that the log states "error" by the Tr.Rosena file.) Here is the clean log:
Registry
Detection | Name | Path | Key/Value | Data | Status
Suspicious.Path | CLSID (X64) | HKEY_CLASSES_ROOT\CLSID | {F6BF8414-962C-40FE-90F1-B80A7E72DB9A} | C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\wkscli.dll | ERROR [4001]
PUM.HomePage | IE Settings (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Internet Explorer\Main | Start Page | http://www.cnn.com/ | Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
PUM.HomePage | IE Settings (X86) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Internet Explorer\Main | Start Page | http://www.cnn.com/ | Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
PUM.Policies | Policies (X64) | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin | 0 | Replaced (2)
PUM.Policies | Policies (X86) | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin | 0 | Replaced (2)
PUM.StartMenu | Explorer Advanced (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel | 2 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs | 2 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads | 0 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs | 2 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos | 0 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X86) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel | 2 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X86) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs | 2 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X86) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads | 0 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X86) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs | 2 | Replaced (1)
PUM.StartMenu | Explorer Advanced (X86) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos | 0 | Replaced (1)
Tr.Rosena | Rosena (X64) | HKEY_USERS\S-1-5-21-2561101334-532984164-2244958137-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} | | | ERROR [2]
-
Hi Ron, Thank you (and MB) for your help.
-
Hi Ron, That was the scariest thing that has happened to my machine since a BSOD in the nineties. Started out with no Chrome, just IE. Imported bookmarks but only received 3 from IE, which I only use to access one site. Another attempt resulted in my 250 bookmarks being imported, along with Chrome. Many have new icons or are missing icons, but that will be corrected later. If everything looks OK to you so far, am willing to stop here. After MB removed the trojan, I neglected to inspect my settings right away, so when I thought that I was re-infected I may have just been recognizing some of the trojan's prior changes to my settings. What do you think?
-
Hi Ron,
1. IE settings are fine
2. No MS Edge
3. No Firefox
4. Nothing synched in Chrome
4A. Unable to deselect bookmarks using "Hold Control + A"
-
Hi Ron, After restart, here are the two Farbar logs: FRST.txt Addition.txt
-
Hi Ron, Here is the MB log and the ADW clean log. MB log file.txt AdwCleaner[C2].txt
-
Hi Ron, The logs requested in STEP 3 were in the OP. https://forums.malwarebytes.com/applications/core/interface/file/attachment.php?id=231876 https://forums.malwarebytes.com/applications/core/interface/file/attachment.php?id=231877 Thanks
-
Hi Ron, Here is the ADWCleaner log:
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 28 23:23:09 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 08-29-2017.2
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\work horse\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\work horse\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.Ask, [Key] - HKLM\SOFTWARE\AskToolbar
PUP.Optional.YahooChrome, [Key] - HKLM\SOFTWARE\Yahoo\SS
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
-
Hi Ron, Here is the MB Threat Scan log:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 9/28/17
Scan Time: 7:31 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2910
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: workhorse-PC\work horse
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302442
Threats Detected: 0 (No malicious items detected)
Threats Quarantined: 0 (No malicious items detected)
Time Elapsed: 7 min, 5 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)
(end)
-
MB removed: JS/iframe.EB.717
Today MB and Avira were turned off and removed from start-up programs list. Files attached.
FRST.txt Addition.txt hijackthis.log
-
MB Takes 2 Minutes to load
Sequoia33 replied to Sequoia33's topic in Malwarebytes for Windows Support Forum
Thank you, DD. I used the clean removal tool and re-installed MBAM. Interestingly, the tool did not remove everything but left a MBAM folder with my ID and license key. I installed the program to that file. Now the program loads normally in about 12 seconds after the desktop appears. Thanks again.
-
I see that this problem was occurring in 2009, and was fixed in later versions. I have version 2.0.1.1004 and MB is set to "Automatic" in services. A minor annoyance that I would like to eliminate, if possible.
-
Thank you for your time spent in tackling and solving my problem. Your instructions were excellent.
-
Noticed that there was still an AVG remnant, so did a search and found a 1kb file in the start-up menu, and deleted same.
-
Here is the log from Security Check:
Results of screen317's Security Check version 0.99.68
Windows XP Service Pack 3 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100 Out of date Malwarebytes Anti-Malware installed!
CCleaner
Adobe Reader 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````
-
OK, will do.
-
MSE detected no threats. Will there be a conflict since I also run MB Pro?
-
OK, will do.
-
OK, ran AdwCleaner again. Will now run CCleaner, but I don't have AVG. I dumped that program 4 years ago, so there must be a few files left behind. My only security has been MB Pro. AdwCleanerR1.txt AdwCleanerR2.txt AdwCleanerS1.txt
-
Here's the log: AdwCleanerR1.txt
-
OK, will download that program.