brownhornet

phone scam

A customer's wife was greeted with a pop-up saying the computer was infected and told to call the # on the screen. She did (oh no). They connected to it remotely, but the husband told her to hang up when they said it would cost $150 to clean it. He says the computer is slow to start but otherwise OK. Here is a scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2016 01
Ran by Home (administrator) on HOME-PC (19-11-2016 17:19:19)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2001734C-F1DA-479A-84FC-96E968B9D23F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87F4DB05-5AF7-414D-937F-C05A897E9E8B}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U206&ocid=U206DHP&osmkt=en-us
HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: 3tazpmnh.default
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default [2016-11-19]
FF Homepage: Mozilla\Firefox\Profiles\3tazpmnh.default -> hxxp://www.msn.com/?pc=U206&ocid=U206DHP&osmkt=en-us
hxxps://www.yahoo.com/
FF Extension: (Firefox Hotfix) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-08]
FF Extension: (Adblock Plus) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-26]
FF Extension: (Navigational Sounds) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\Extensions\{d84a846d-f7cb-4187-a408-b171020e8940}.xpi [2016-10-26]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\3tazpmnh.default\features\{f01b3a14-d157-44aa-8d59-cdcbf35828f7}\malware-remediation@mozilla.org.xpi [2016-10-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2123777662-1516311981-2037243955-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-c2285b6f3d724119\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2123777662-1516311981-2037243955-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-c2285b6f3d724119\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2016-11-19]
CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-11]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-11]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-11]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-11]
CHR Extension: (Avast SafePrice) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Google Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Avast Online Security) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-19 17:19 - 2016-11-19 17:19 - 00011316 _____ C:\Users\Home\Downloads\FRST.txt
2016-11-19 17:19 - 2016-11-19 17:19 - 00001396 _____ C:\Users\Home\Desktop\FRST64 - Shortcut.lnk
2016-11-19 17:19 - 2016-11-19 17:19 - 00000000 ____D C:\FRST
2016-11-19 17:18 - 2016-11-19 17:18 - 02413056 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2016-11-19 17:15 - 2016-11-19 17:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-19 17:10 - 2016-11-19 17:10 - 00001488 _____ C:\Users\Home\Desktop\adwcleaner_6.030 - Shortcut.lnk
2016-11-19 17:09 - 2016-11-19 17:09 - 03910208 _____ C:\Users\Home\Downloads\adwcleaner_6.030.exe
2016-11-14 09:51 - 2016-11-14 09:51 - 00000000 ____D C:\Users\Home\AppData\Local\LogMeIn Rescue Applet

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-19 17:19 - 2016-05-11 15:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-19 17:18 - 2009-07-13 21:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-19 17:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-19 17:13 - 2016-05-11 15:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-19 17:13 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-19 17:12 - 2016-04-06 15:24 - 00000000 ____D C:\AdwCleaner
2016-11-18 15:48 - 2016-04-30 11:05 - 00001319 _____ C:\Users\Home\Desktop\ROBLOX Player.lnk
2016-11-18 15:48 - 2016-04-30 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-11-14 16:24 - 2016-05-11 16:05 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 16:24 - 2016-05-11 16:05 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-04 14:48 - 2016-04-30 11:09 - 00000000 ____D C:\Users\Home\AppData\Local\Roblox
2016-10-30 14:51 - 2016-05-11 15:59 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2016-10-30 00:00 - 2016-04-05 17:08 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
2016-10-27 14:58 - 2009-07-13 21:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-10-12 18:39 - 2016-10-12 18:39 - 0003584 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-06 12:40 - 2016-10-11 17:59 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\libeay32.dll
C:\Users\Home\AppData\Local\Temp\msvcr120.dll
C:\Users\Home\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 20:07

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01
Ran by Home (19-11-2016 17:19:50)
Running from C:\Users\Home\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-04-05 05:25:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2123777662-1516311981-2037243955-500 - Administrator - Disabled)
Guest (S-1-5-21-2123777662-1516311981-2037243955-501 - Limited - Disabled)
Home (S-1-5-21-2123777662-1516311981-2037243955-1000 - Administrator - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.1.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.2.1.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.15 - Intel) Hidden
Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{1b09c4de-9cae-4122-b17c-65d395062b50}) (Version: 2.4.0.15 - Intel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C036412-C64E-4501-8457-B34A14635A48} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {11E17271-0431-448C-B226-B65BC2847529} - System32\Tasks\AVAST Software\Avast settings backup
Task: {1CD36313-6BB8-47B0-B392-C44C10DF2C9B} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {215DF1EB-4291-4CDA-A1DF-ABE7C32D39EE} - System32\Tasks\{D088B91B-A5CE-437C-8B1C-275E19432227} => pcalua.exe -a C:\Users\Home\Downloads\sp53707.exe -d C:\Users\Home\Downloads
Task: {6A1F60DF-D897-4BC7-8849-AC38A7B77E62} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {7285E965-9E3A-4BA2-B71E-FFB02102B93F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.)
Task: {9E3EB503-E0C3-436E-A28C-F42204173FBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.)
Task: {D72D5994-6E9B-4E09-9C34-DE96D8BBF1B8} - System32\Tasks\SafeZone scheduled Autoupdate 1459970579 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-09 19:43 - 2016-03-09 19:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-03-09 19:43 - 2016-03-09 19:43 - 00256152 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll
2016-08-30 17:07 - 2016-08-30 17:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-19 12:21 - 2016-11-19 12:21 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111900\algo.dll
2016-08-30 17:07 - 2016-08-30 17:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-30 17:07 - 2016-08-30 17:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2123777662-1516311981-2037243955-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18A774E9-AC41-422F-8FC5-5B5A3DB8316B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92C65A56-1053-4A93-8B92-63ED44831B16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB5900B1-2124-4EF8-AD44-F440A2968BA9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-10-2016 20:57:44 Scheduled Checkpoint
01-11-2016 14:56:21 Scheduled Checkpoint
09-11-2016 12:22:30 Scheduled Checkpoint
16-11-2016 19:08:25 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2016 03:52:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.269.1.29620, time stamp: 0x582e39f8
Faulting module name: RobloxPlayerBeta.exe, version: 0.269.1.29620, time stamp: 0x582e39f8
Exception code: 0xc0000005
Fault offset: 0x0070f561
Faulting process id: 0xe58
Faulting application start time: 0x01d241f676807570
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-c2285b6f3d724119\RobloxPlayerBeta.exe
Faulting module path: C:\Program Files (x86)\Roblox\Versions\version-c2285b6f3d724119\RobloxPlayerBeta.exe
Report Id: 1f06c4ef-adea-11e6-a5ec-2c27d720bee2

Error: (11/07/2016 08:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.267.0.27338, time stamp: 0x581b8870
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000005
Fault offset: 0x0003485a
Faulting process id: 0x99c
Faulting application start time: 0x01d239744feb45c3
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-e2543a4115cb41d6\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: c27ff8cc-a56a-11e6-a29a-2c27d720bee2

Error: (09/23/2016 02:50:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.261.0.21595, time stamp: 0x57e30e6d
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc000041d
Fault offset: 0x00022372
Faulting process id: 0xc70
Faulting application start time: 0x01d215eb77264d0e
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-a1718013fcc842b1\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 158bf851-81e0-11e6-9295-2c27d720bee2

Error: (09/11/2016 05:03:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RobloxPlayerBeta.exe version 0.259.0.19981 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ee0

Start Time: 01d20c88ec541176

Termination Time: 6

Application Path: C:\Program Files (x86)\Roblox\Versions\version-256edf8e82cb478d\RobloxPlayerBeta.exe

Report Id: a3e123ba-7884-11e6-8e3c-2c27d720bee2

Error: (09/07/2016 04:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.258.0.19508, time stamp: 0x57c870f9
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000005
Fault offset: 0x0002e5a3
Faulting process id: 0xc34
Faulting application start time: 0x01d20968c64f70b0
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-2a3769b753884f05\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 0836de94-755c-11e6-9e34-2c27d720bee2

Error: (07/24/2016 09:22:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.253.0.14948, time stamp: 0x579001ba
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc000041d
Fault offset: 0x00022372
Faulting process id: 0x4b8
Faulting application start time: 0x01d1e63307de4d6f
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-aee78a51139946c2\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: c00c62b7-5227-11e6-9241-2c27d720bee2

Error: (07/15/2016 08:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.252.0.14159, time stamp: 0x5786bfc0
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000005
Fault offset: 0x00033306
Faulting process id: 0x674
Faulting application start time: 0x01d1df1c04da2747
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-23a05f622b7b47a6\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 464e5f4c-4b0f-11e6-923f-2c27d720bee2

Error: (06/20/2016 07:44:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.248.0.11430, time stamp: 0x5761cc7e
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc0000005
Fault offset: 0x0002e546
Faulting process id: 0xa58
Faulting application start time: 0x01d1cb6f1c935224
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-6675f84c75f246df\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 68284f0f-3762-11e6-a1b3-2c27d720bee2

Error: (05/25/2016 03:24:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.244.0.9061, time stamp: 0x573bc807
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc000041d
Fault offset: 0x00022372
Faulting process id: 0xd4c
Faulting application start time: 0x01d1b6dc924dbf29
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-3df8ddf7c03c4c87\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: da6f8165-22cf-11e6-a1fb-2c27d720bee2

Error: (05/25/2016 03:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.244.0.9061, time stamp: 0x573bc807
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd51f
Exception code: 0xc000041d
Fault offset: 0x00022372
Faulting process id: 0xac8
Faulting application start time: 0x01d1b6dc8217baa5
Faulting application path: C:\Program Files (x86)\Roblox\Versions\version-3df8ddf7c03c4c87\RobloxPlayerBeta.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: c9a13246-22cf-11e6-a1fb-2c27d720bee2


System errors:
=============
Error: (11/19/2016 05:12:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE service terminated unexpectedly. It has done this 1 time(s).

Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/19/2016 05:11:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/19/2016 05:02:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/03/2016 04:19:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:17:07 PM on 11/3/2016 was unexpected.

Error: (10/24/2016 03:12:11 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/11/2016 12:57:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:56:27 PM on 10/11/2016 was unexpected.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 3037.24 MB
Available physical RAM: 1727.54 MB
Total Virtual: 6072.69 MB
Available Virtual: 4743.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:892.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1AEEC0E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Nothing jumps out other than a few errors for hardware and a game not loading properly.

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.

    In order to use AdwCleaner, you have to agree to the EULA.

  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please post:

 

AdwCleaner[C1].txt

JRT.txt


ran adw first and it cleaned some stuff...JRT came up with nothing..MB cleaned some PUP items as well..

 

 

# AdwCleaner v6.030 - Logfile created 19/11/2016 at 17:12:06
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-19.2 [server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Home - HOME-PC
# Running from : C:\Users\Home\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk


***** [ Files ] *****

[-] File deleted: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
[-] File deleted: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com
[-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com
[-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1558 Bytes] - [19/11/2016 17:12:06]
C:\AdwCleaner\AdwCleaner[s1].txt - [758 Bytes] - [06/04/2016 15:25:15]
C:\AdwCleaner\AdwCleaner[s2].txt - [1900 Bytes] - [19/11/2016 17:11:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1776 Bytes] ##########


Rule of thumb for intrusions

Change passwords for delicate sites from a known clean computer.

 

Please download Emsisoft Emergency Kit and save it to your desktop.

Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

  • Leave all settings as they are and click the Extract button at the bottom.
  • A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
  • Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options.
  • If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and copy it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


hi, forgot to tell ya that i will have the laptop back after thanksgiving..the customers kids want to use it over the school break...happy thanksgiving....

This topic is now closed to further replies.