GuyDangerous28

  1. Nope, everything went smoothly. Thanks Aura! DelFix Log:

     # DelFix v1.013 - Logfile created 30/10/2017 at 09:19:08
     # Updated 17/04/2016 by Xplode
     # Username : TheWyseOne - THEWYSEONE-HP
     # Operating System : Windows 10 Pro (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...
     Deleted : C:\FRST
     Deleted : C:\Users\TheWyseOne\Desktop\Addition.txt
     Deleted : C:\Users\TheWyseOne\Desktop\Fixlog.txt
     Deleted : C:\Users\TheWyseOne\Desktop\FRST.txt
     Deleted : C:\Users\TheWyseOne\Desktop\FRST64.exe
     Deleted : C:\Users\TheWyseOne\Desktop\Info.txt

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...
     Deleted : RP #23 [Scheduled Checkpoint | 10/26/2017 04:43:50]
     Deleted : RP #24 [Removed Online Application | 10/28/2017 17:26:11]
     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. Okay so I just rebooted my system to try to take a picture of the screen that appears before startup and it didn’t appear this time. It seems to have resolved itself for now so I think it’s fine. If it reappears may I private message you?
  3. Sorry for the late reply, but yes, the message has reappeared on this reboot as well. However, the malware issue appears to have been resolved. What’s next?
  4. Hi Aura, I'm gonna paste the text from the fixlog below. Also, after FRST completed it did a mandatory reboot, and when booting, my machine gave me a message about osloader.exe and saying it was altered and something about its signature or something to that effect. Is this normal? I'm sorry if it's too vague, I don't remember what it said very well. Text from fixlog:
  5. Hi Aura, thanks for responding so promptly. I'm looking forward to working with you.
  6. Okay so at some point yesterday, I ran a shady looking setup file (yeah, I know...) that was supposed to be a VPN, and then it proceeded to download and install various programs on my machine, and make unauthorised alterations to my browser, etc. I had managed to find and uninstall most of them, but some of these files and folders won't go away, and now there's this issue of the "Open with" prompt repeatedly appearing asking me to choose a program to open a file called "krk.tmp" (which I have already deleted). I've done several antivirus scans and quarantined and deleted various files and registry entries detected as malware, but the problem persists. Please help. Addition.txt FRST.txt Threat Scan Report 10-29-2017.txt