Malware removal help

This is a discussion on Malware removal help within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 05-07-2018, 09:51 AM   #1
Registered Member
 
janisum's Avatar
 
Join Date: Jul 2010
Location: Cedar Rapids, IA
Posts: 17
OS: 7 home premium 64 bit



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18978
Run by Administrator at 11:27:00 on 2018-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2090 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\3456E647572797C496E6B673334323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\3456E647572797C496E6B673334323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\77164736864767 : DHCPNameServer = 192.168.3.1 192.168.1.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\77164736864767D27657563747 : DHCPNameServer = 192.168.3.1 192.168.33.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\A4563737 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\A4563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656 : DHCPNameServer = 192.168.3.1 192.168.1.1
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D7F48D4-BE68-41AE-B9AF-374C8D6218F1}\F6E6C697D696E656D27657563747 : DHCPNameServer = 192.168.3.1 192.168.33.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-10 55856]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2018-4-3 76192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-6-3 737984]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-10 98208]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2319848]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2018-4-3 193768]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2018-4-3 6479136]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-12-11 292568]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2016-4-11 153616]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2018-4-3 253664]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-5-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-5-10 181248]
R3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [2018-3-11 49336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2017-12-14 41608]
S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2017-12-14 41208]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-3-4 196440]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-4-12 116224]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-10 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-10 317440]
S3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2018-4-3 112864]
S3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2018-4-3 44768]
S3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2018-4-3 93816]
S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2013-12-31 11264]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-5 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-10 250984]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-15 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-4 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-10 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
============= FINISH: 11:28:35.83 ===============

I hope this is what you need and that I provided everything. I am wanting to check for any malware since I was hacked in 2016 and never did do a re-install.
Attached Files
File Type: txt attach.txt (5.8 KB, 25 views)
 
Old 06-05-2018, 09:43 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Do you still need help?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 06-06-2018, 12:30 PM   #3
janisum

I could use it, yes. A couple weeks ago my security was replaced.
 
Old 06-06-2018, 08:00 PM   #4
chemist

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Quote:
A couple weeks ago my security was replaced
Please explain.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
Old 06-10-2018, 08:46 AM   #5
chemist

Still with us, janisum?

------------------------------------------------------
Old 06-11-2018, 07:25 PM   #6
janisum

Yes.. I'm still with ya all and thanks for asking. I ran the tests you had suggested last and need to get them to you. I will send tomorrow. It takes me a while since I saved it in notepad. Having problems finding the 2 results. I'm not computer savvy at all. Thanks to all of you who have kept me in contact.
Old 06-12-2018, 12:59 PM   #7
chemist

The AdwCleaner log, AdwCleaner[C0#].txt, will be located at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt, where # should be 0 if you are running AdwCleaner for the first time, i.e., AdwCleaner[C00].txt

The FRST logs, FRST.txt and Addition.txt, will be located in the same place you saved the FRST64.exe tool, usually on your desktop, or in your Downloads folder.

------------------------------------------------------
Old 06-16-2018, 11:07 AM   #8
janisum

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-06.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-07-2018
# Duration: 00:00:05
# OS: Windows 7 Home Premium
# Cleaned: 2
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Bitberry

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1306 octets] - [07/06/2018 10:51:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Attached Files
File Type: txt FRST.txt (55.0 KB, 23 views)
File Type: txt Addition.txt (31.7 KB, 23 views)
Old 06-17-2018, 03:07 PM   #9
chemist

Hello again, janisum. You still didn't explain what happened:

Quote:
A couple weeks ago my security was replaced
------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/windo...-windows-7.htm

------------------------------------------------------

I noticed you have Free File Viewer 2014 installed.

Please read this and decide if you want to keep it >> Free File Viewer 2014 by Bitberry Software - Should I Remove It?

You can uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files (x86)\FreeFileViewer

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {4891C9B4-28F9-4A0D-B32E-920B8E8FBB57} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {4960E208-A793-4AE8-B58E-9F5AD8B431DA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CBB8B2DE-F1C0-40A0-98C6-582F782DE4A4} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2509431089-2399752516-3202122825-500 -> {2E783079-8C8E-4686-A7AC-52310C97C9C2} URL = 
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Toolbar: HKU\S-1-5-21-2509431089-2399752516-3202122825-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
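The NOTE in the post above says the fixlist is only valid for the machine whose scan it was built from. As an added example (not part of the thread and not FRST's own code), this Python check compares a fixlist against the text of that machine's scan logs (FRST.txt plus Addition.txt) and reports entries the logs do not contain. It assumes the helper copied entries verbatim from the logs; the function names and the sample scan excerpt are constructed for illustration.

```python
import re

# Control lines as they appear in the fixlist on this page. They instruct the
# tool rather than quote the scan, so they are not expected in the scan logs.
BARE_DIRECTIVES = {"start", "end"}
PREFIX_DIRECTIVES = ("createrestorepoint:", "emptytemp:", "reg:")

def normalise(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return re.sub(r"\s+", " ", line).strip().lower()

def check_fixlist(fixlist_text, scan_text):
    """Sort fixlist lines into directives, entries present in the scan logs,
    and entries that the scan logs of this machine do not contain."""
    scan_lines = {normalise(l) for l in scan_text.splitlines() if l.strip()}
    result = {"directives": [], "matched": [], "unmatched": []}
    for raw in fixlist_text.splitlines():
        line = normalise(raw)
        if not line:
            continue
        if line in BARE_DIRECTIVES or line.startswith(PREFIX_DIRECTIVES):
            bucket = "directives"
        elif line in scan_lines:
            bucket = "matched"
        else:
            bucket = "unmatched"
        result[bucket].append(raw.strip())
    return result

# Constructed sample: a few fixlist lines quoted from the post above.
SAMPLE_FIXLIST = r"""start
createrestorepoint:
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
GroupPolicy: Restriction - Chrome <==== ATTENTION
EmptyTemp:
end
"""

# Constructed scan-log excerpt standing in for a machine that lacks the BHO entry.
SAMPLE_SCAN = r"""Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
GroupPolicy:   Restriction - Chrome <==== ATTENTION
"""

if __name__ == "__main__":
    report = check_fixlist(SAMPLE_FIXLIST, SAMPLE_SCAN)
    for entry in report["unmatched"]:
        print("Not in this machine's scan logs:", entry)
```

Any entry reported as unmatched means the fixlist was not built from these logs, and the fix should not be run until the helper has been asked about it.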
Old 06-18-2018, 10:28 AM   #10
Registered Member
 
 
Join Date: Jul 2010
Location: Cedar Rapids, IA
Posts: 17
OS: 7 home premium 64 bit



Hi Chemist

I appreciate your help more than you know and for being so patient with me. I need to bother you now. So sorry. I'm not understanding how to save fixlist (next to) FRST64 in notepad and even more so since I removed FRST64 from notepad a couple days ago thinking it wasn't safe in saving. I'm thinking I would have to run the tool again and save it. But this is more work for you people to then decipher what I need to fix. Am I correct?
I did remove "freefile". I was wondering about that myself. Thanks.

As for explaining the issue I had with my security info being replaced, it was something Microsoft support, during a chat, told me had happened. I'd gone into my Microsoft security to view my logins and found a successful sync. I can't find the notes from that chat to explain any further. I wish I could help you better in understanding my issues. I may need to take both laptops to RJ Ender to have them checked out.
Old 06-19-2018, 07:31 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



First, the FRST64 tool is FRST64.exe, an executable file, not a text file, and couldn't be saved in Notepad.

As far as saving fixlist.txt next to FRST64.exe, it simply means they must both be saved in the same place (folder, directory, etc.). It appears you saved FRST64.exe in your Downloads folder, so you would also need to save fixlist.txt to your Downloads folder:

C:\Users\Administrator\Downloads

If you deleted FRST64.exe, you would need to re-download it again.
Old 06-26-2018, 10:35 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, janisum? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
Old 06-28-2018, 08:13 AM   #13
Registered Member
 
 
Join Date: Jul 2010
Location: Cedar Rapids, IA
Posts: 17
OS: 7 home premium 64 bit



I went to visit some old friends from the 70's last week and just forgot about this mess on my computer. I understand that you can only help those who help themselves and I've been slacking a bit. I think I'll take it in to a shop and let them do it since I am not good at getting back with you. I appreciate all the help. Thanks again
Janisum
Old 06-28-2018, 08:24 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Thanks for letting us know.
Closed Thread
