Zenzoom Posted March 16, 2021

Hi, my wife's computer has been extremely slow for a long time, but at the beginning of this month she suspected it had been hacked because, after she had been away for a couple of hours, there were some open files on the desktop (legit jpgs and docs).

So, maybe this isn't the right place to ask for help, and if it isn't, could you kindly refer me somewhere else?

Right now the computer is disconnected from the network and, as per AdvancedSetup, I've run both Farbar and Malwarebytes and am attaching the reports here. I'm also attaching 2 txt files with an annotation about a process detected by Farbar.

Thank you in advance for your attention.

(PS. Is HijackThis still in use?)

Attachments: Addition_excpLines.txt, FRST.txt, FRST_excpLines.txt, MB_report.txt, Addition.txt

kevinf80 Posted March 17, 2021 (Solution)

Hiya Zenzoom and welcome to Malwarebytes,

Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop. Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
- Right click on the Tool, select Run as Administrator; the tool will expand to the options Window
- In the "Scan Type" window, select Quick Scan
- Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your next reply...

Thank you,
Kevin..

Attachment: fixlist.txt

Zenzoom Posted March 17, 2021

Hey Kevin, we're grateful for your help. Here are the logs:

Fixlog.txt:

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-03-2021 13:12:00)
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021031712362237FC).log => Is moved successfully
C:\Windows\Temp\YVONNE-20210317-1236.log => Is moved successfully
==== End of Fixlog 13:12:01 ====

AdwCleaner[C00].txt:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-17-2021
# Duration: 00:00:14
# OS: Windows 10 Home
# Cleaned: 18
# Awaiting reboot:3
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\csastats
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{163145BC-7CD3-4486-8507-CBE35EBD1986}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{163145BC-7CD3-4486-8507-CBE35EBD1986}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Deleted Preinstalled.HPTouchSmart File C:\Users\Yvonne\Desktop\Netflix.lnk
Deleted Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Deleted Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A0260B-98C1-495C-B924-DDCAEAA089FD}
Deleted Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Deleted Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY
Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
***** [ Folders ] *****
Cleaning failed C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed C:\ProgramData\DELL\UPDATESERVICE
*************************
AdwCleaner[S00].txt - [3279 octets] - [17/03/2021 13:17:15]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

msert.log:

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.648.0)
Started On Wed Mar 17 13:54:32 2021
Engine: 1.1.17900.7
Signatures: 1.333.648.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Wed Mar 17 14:01:17 2021
Return code: 0 (0x0)

kevinf80 Posted March 17, 2021

Fix log is not complete, can I see the full log..

Zenzoom Posted March 17, 2021

5 minutes ago, kevinf80 said: "Fix log is not complete, can I see the full log.."

That's the whole thing, file attached.

Attachment: Fixlog.txt

kevinf80 Posted March 17, 2021

That is not a complete log, can you run the fix again please...

Zenzoom Posted March 17, 2021

Should I run it again?

kevinf80 Posted March 17, 2021

Check in the following folder to see if the complete fix log is there:

C:\FRST\Logs

Zenzoom Posted March 17, 2021

That was weird. The one inside C:\FRST\Logs is the same thing. I reran FRST and here is the new log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Yvonne (17-03-2021 14:58:25) Run:2
Running from C:\Users\Yvonne\Desktop
Loaded Profiles: defaultuser0 & Yvonne
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {58AED431-1A1C-4E0C-AF7D-FE398C5F18E3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [508]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [508]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [508]
Hosts:
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: sfc /scannow
C:\Windows\Temp\*.*
EmptyTemp:
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58AED431-1A1C-4E0C-AF7D-FE398C5F18E3}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"C:\ProgramData" => ":YXVtLmh6aQ" ADS not found.
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully
"C:\Users\All Users" => ":YXVtLmh6aQ" ADS not found.
"C:\ProgramData\Application Data" => ":YXVtLmh6aQ" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= sfc /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========

=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_Helper.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\AvastBrowser_installer.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\DBUtil_2_3.Sys => moved successfully
C:\Windows\Temp\mat-debug-12600.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021031713094910EC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210317133148108C).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(2021031714593536A0).log" => Scheduled to move on reboot.
C:\Windows\Temp\YVONNE-20210317-1309.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1317.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1320.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1328.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1331.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1342.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1356.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1406.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1411.log => moved successfully
C:\Windows\Temp\YVONNE-20210317-1455.log => moved successfully
Could not move "C:\Windows\Temp\YVONNE-20210317-1459.log" => Scheduled to move on reboot.
========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========
BITS transfer queue => 11296768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9536525 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 207 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9546 B
NetworkService => 13184 B
defaultuser0 => 13184 B
Yvonne => 39907793 B

RecycleBin => 293 B
EmptyTemp: => 58 MB temporary data Removed.
================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-03-2021 15:29:21)
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021031714593536A0).log => Is moved successfully
C:\Windows\Temp\YVONNE-20210317-1459.log => Is moved successfully
==== End of Fixlog 15:29:22 ====

Attachment: Fixlog.txt

kevinf80 Posted March 17, 2021

What is the current status of your PC, any remaining issues or concerns..?

Zenzoom Posted March 18, 2021

Hey Kevin, I'm sorry for the delay. It seems that everything is running much faster than before, that's for sure. Do you think there is still anything I should be concerned about or do? xD

kevinf80 Posted March 18, 2021

Just one final scan to make sure your system is clean...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
- If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:
- Memory, including system memory on 32-bit (x86) versions of Windows
- The Windows registry
- All local hard drives, fixed and removable
- Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Zenzoom Posted March 19, 2021

20 hours ago, kevinf80 said: "[...] If no threats were found please confirm that result...."

Like you said, it took hours, three and a half to be exact, and it found no threats.

kevinf80 Posted March 19, 2021 (Edited March 19, 2021 by kevinf80)

Hiya Zenzoom,

Yep, SophosAV scan is very thorough and can take a while to complete, still worth knowing your system is clean.. Just need to finish up....

Uninstall the following program (unless you prefer to keep it):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: E:\FRST.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....
- Answers to Common Security Questions and best Practices
- Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Zenzoom Posted March 19, 2021

Thank you Kevin, stay safe! :)

kevinf80 Posted March 19, 2021

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you