Jump to content

Persistent PCSweeper and tcf..huntergui.com infection


Recommended Posts

Are you aware that Opera won't even let me sign in to your site?  It's the only browser I have not showing some infection.

 

Anyhow, trying to help a friend.  Win 7 64 bit machine.  Running expired version of Kaspersky.I uninstalled a bunch of obvious adwares.  Then ran MSMRT.  Then ran Malwarebytes.  All removed several malwares and pups.  I figured I was home free.  Starting up Chrome,   Mbam warns me of attempt to reach tcf.huntergui.com and nhn.rundevoptions.com.   Mbam blames them on Kaspersky.   Then I get warnings from PC Sweeper and then lower half of screen fills with ads.

 

I can't find PC Sweeper anywhere. 

 

Addition.txtFRST.txtscan_150912-120713.txt

Edited by Kevin Zoll
Poll removed
Link to post
Share on other sites

Do the following:

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print our or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Download Junkware Removal Tool and save it on your desktop.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog9-x64 01 C:\Windows\system32\VOTPrx64.dll No File 
Winsock: Catalog9-x64 02 C:\Windows\system32\VOTPrx64.dll No File 
Winsock: Catalog9-x64 03 C:\Windows\system32\VOTPrx64.dll No File 
Winsock: Catalog9-x64 04 C:\Windows\system32\VOTPrx64.dll No File 
Winsock: Catalog9-x64 15 C:\Windows\system32\VOTPrx64.dll No File 
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3938837629-4105121520-1233043936-500 -> OldSearch URL = 
Toolbar: HKU\S-1-5-21-3938837629-4105121520-1233043936-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3938837629-4105121520-1233043936-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3938837629-4105121520-1233043936-1001 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
2015-09-09 16:56 - 2015-09-09 16:56 - 00000000 _____ C:\Windows\SysWOW64\sho257B.tmp
2015-09-08 22:36 - 2015-09-08 22:36 - 00000000 _____ C:\Windows\SysWOW64\shoE428.tmp
2015-09-08 21:03 - 2015-09-08 21:03 - 00000000 ____D C:\Users\Susan\AppData\Local\{E31F4FC0-7540-4AA6-A43F-297667B3CD18}
2015-09-05 22:35 - 2015-09-05 22:35 - 00630651 _____ C:\ProgramData\SPLA286.tmp
2015-09-05 22:03 - 2015-09-05 22:03 - 01016054 _____ C:\ProgramData\SPLFDBF.tmp
2015-08-26 08:13 - 2015-08-26 08:13 - 00000000 _____ C:\Windows\SysWOW64\shoB6C1.tmp
2015-08-17 23:42 - 2015-08-17 23:42 - 00725160 _____ C:\ProgramData\SPLDAC7.tmp
2015-08-17 22:20 - 2015-08-17 22:20 - 00000000 ____D C:\Users\Susan\AppData\Local\{F88DEEBD-124D-4667-9AA2-3C36002B15F8}
2015-08-15 21:55 - 2015-08-15 21:55 - 00000000 ____D C:\Users\Susan\AppData\Local\{4375E942-BB1D-4CC6-B001-F4133EA0B1E5}
2015-08-15 16:17 - 2015-08-15 16:17 - 00597760 _____ C:\ProgramData\SPL19F8.tmp
2014-08-04 22:54 - 2014-08-04 22:54 - 1083036 _____ () C:\ProgramData\SPL1064.tmp
2015-02-19 20:22 - 2015-02-19 20:22 - 0547013 _____ () C:\ProgramData\SPL1074.tmp
2014-06-25 07:13 - 2014-06-25 07:13 - 0200940 _____ () C:\ProgramData\SPL11CB.tmp
2015-02-18 15:29 - 2015-02-18 15:29 - 3057884 _____ () C:\ProgramData\SPL12A8.tmp
2015-03-04 00:19 - 2015-03-04 00:19 - 0738655 _____ () C:\ProgramData\SPL1342.tmp
2015-07-09 23:00 - 2015-07-09 23:00 - 0215268 _____ () C:\ProgramData\SPL1757.tmp
2014-08-04 07:57 - 2014-08-04 07:57 - 0427656 _____ () C:\ProgramData\SPL18DE.tmp
2015-08-15 16:17 - 2015-08-15 16:17 - 0597760 _____ () C:\ProgramData\SPL19F8.tmp
2014-01-30 23:02 - 2014-01-30 23:02 - 0412259 _____ () C:\ProgramData\SPL1C75.tmp
2015-07-20 21:59 - 2015-07-20 21:59 - 0462672 _____ () C:\ProgramData\SPL1CF7.tmp
2015-02-15 00:41 - 2015-02-15 00:41 - 0783808 _____ () C:\ProgramData\SPL1D20.tmp
2014-08-03 22:57 - 2014-08-03 22:57 - 0287340 _____ () C:\ProgramData\SPL1DBE.tmp
2015-07-09 00:53 - 2015-07-09 00:53 - 1076237 _____ () C:\ProgramData\SPL1ED9.tmp
2015-07-09 19:12 - 2015-07-09 19:12 - 0028546 _____ () C:\ProgramData\SPL21E8.tmp
2014-10-13 16:45 - 2014-10-13 16:45 - 2057312 _____ () C:\ProgramData\SPL2329.tmp
2014-10-10 23:05 - 2014-10-10 23:05 - 1357298 _____ () C:\ProgramData\SPL2442.tmp
2015-05-31 22:40 - 2015-05-31 22:40 - 1161846 _____ () C:\ProgramData\SPL26C5.tmp
2015-04-28 23:44 - 2015-04-28 23:44 - 0464988 _____ () C:\ProgramData\SPL274E.tmp
2014-02-16 14:30 - 2014-02-16 14:30 - 1975989 _____ () C:\ProgramData\SPL28B5.tmp
2015-01-19 21:16 - 2015-01-19 21:16 - 0003660 _____ () C:\ProgramData\SPL2916.tmp
2015-05-30 08:06 - 2015-05-30 08:06 - 0403448 _____ () C:\ProgramData\SPL29AE.tmp
2014-02-04 22:32 - 2014-02-04 22:32 - 0823793 _____ () C:\ProgramData\SPL2A7B.tmp
2014-02-03 23:29 - 2014-02-03 23:29 - 0122868 _____ () C:\ProgramData\SPL2AC7.tmp
2015-07-10 22:27 - 2015-07-10 22:27 - 0408900 _____ () C:\ProgramData\SPL2AF9.tmp
2014-04-01 22:14 - 2014-04-01 22:14 - 1313070 _____ () C:\ProgramData\SPL2DE3.tmp
2012-04-17 06:50 - 2012-04-17 06:50 - 0213627 _____ () C:\ProgramData\SPL311E.tmp
2015-06-08 23:24 - 2015-06-08 23:24 - 2756656 _____ () C:\ProgramData\SPL3295.tmp
2013-02-24 14:02 - 2013-02-24 14:02 - 1000510 _____ () C:\ProgramData\SPL334F.tmp
2014-08-05 22:34 - 2014-08-05 22:34 - 0052322 _____ () C:\ProgramData\SPL35EF.tmp
2014-10-12 20:46 - 2014-10-12 20:46 - 2057312 _____ () C:\ProgramData\SPL35F0.tmp
2014-01-02 22:29 - 2014-01-02 22:29 - 1394340 _____ () C:\ProgramData\SPL3746.tmp
2014-10-18 23:30 - 2014-10-18 23:30 - 0016328 _____ () C:\ProgramData\SPL3997.tmp
2014-04-13 22:14 - 2014-04-13 22:14 - 1572954 _____ () C:\ProgramData\SPL3A0C.tmp
2015-05-29 08:12 - 2015-05-29 08:12 - 0403448 _____ () C:\ProgramData\SPL3A8F.tmp
2014-12-19 16:50 - 2014-12-19 16:50 - 9060509 _____ () C:\ProgramData\SPL3C06.tmp
2014-09-18 17:38 - 2014-09-18 17:38 - 1523238 _____ () C:\ProgramData\SPL3E18.tmp
2014-10-25 21:30 - 2014-10-25 21:30 - 3212492 _____ () C:\ProgramData\SPL40C8.tmp
2015-05-28 22:11 - 2015-05-28 22:11 - 0403448 _____ () C:\ProgramData\SPL4182.tmp
2015-02-15 00:34 - 2015-02-15 00:34 - 0783808 _____ () C:\ProgramData\SPL4337.tmp
2014-04-13 13:50 - 2014-04-13 13:50 - 0345060 _____ () C:\ProgramData\SPL451C.tmp
2015-02-12 23:26 - 2015-02-12 23:26 - 0762266 _____ () C:\ProgramData\SPL4579.tmp
2015-02-06 23:46 - 2015-02-06 23:46 - 7948913 _____ () C:\ProgramData\SPL49BC.tmp
2015-05-11 23:29 - 2015-05-11 23:29 - 0755711 _____ () C:\ProgramData\SPL49DD.tmp
2015-05-28 08:17 - 2015-05-28 08:17 - 0403448 _____ () C:\ProgramData\SPL4C7A.tmp
2014-12-07 21:05 - 2014-12-07 21:06 - 45767354 _____ () C:\ProgramData\SPL4D64.tmp
2015-01-25 22:56 - 2015-01-25 22:56 - 3595018 _____ () C:\ProgramData\SPL4F5C.tmp
2015-01-23 00:01 - 2015-01-23 00:01 - 0009008 _____ () C:\ProgramData\SPL4FD8.tmp
2014-12-14 16:01 - 2014-12-14 16:01 - 0218524 _____ () C:\ProgramData\SPL53D.tmp
2014-02-11 08:04 - 2014-02-11 08:04 - 0167716 _____ () C:\ProgramData\SPL53E9.tmp
2014-03-13 22:40 - 2014-03-13 22:40 - 0265432 _____ () C:\ProgramData\SPL5448.tmp
2015-01-31 00:04 - 2015-01-31 00:04 - 1650160 _____ () C:\ProgramData\SPL55BD.tmp
2014-08-10 22:50 - 2014-08-10 22:50 - 0340220 _____ () C:\ProgramData\SPL5679.tmp
2015-01-12 18:20 - 2015-01-12 18:20 - 0010430 _____ () C:\ProgramData\SPL56C8.tmp
2014-08-10 16:34 - 2014-08-10 16:34 - 0011358 _____ () C:\ProgramData\SPL581F.tmp
2014-11-14 09:01 - 2014-11-14 09:01 - 4813330 _____ () C:\ProgramData\SPL58E8.tmp
2014-12-20 11:06 - 2014-12-20 11:06 - 1288616 _____ () C:\ProgramData\SPL59E4.tmp
2014-12-07 22:44 - 2014-12-07 22:44 - 45767354 _____ () C:\ProgramData\SPL5A6E.tmp
2015-02-01 09:18 - 2015-02-01 09:18 - 8581228 _____ () C:\ProgramData\SPL5B49.tmp
2015-07-14 09:25 - 2015-07-14 09:25 - 8716177 _____ () C:\ProgramData\SPL5C73.tmp
2015-03-28 17:56 - 2015-03-28 17:56 - 8175978 _____ () C:\ProgramData\SPL5CA.tmp
2014-12-07 22:36 - 2014-12-07 22:37 - 45767354 _____ () C:\ProgramData\SPL5DE7.tmp
2014-05-04 09:13 - 2014-05-04 09:13 - 0020596 _____ () C:\ProgramData\SPL5F5E.tmp
2015-02-17 22:52 - 2015-02-17 22:52 - 1650130 _____ () C:\ProgramData\SPL600C.tmp
2014-12-14 21:37 - 2014-12-14 21:37 - 1994644 _____ () C:\ProgramData\SPL62D8.tmp
2015-04-26 22:14 - 2015-04-26 22:14 - 0051036 _____ () C:\ProgramData\SPL63E1.tmp
2014-05-17 13:49 - 2014-05-17 13:49 - 0016722 _____ () C:\ProgramData\SPL6473.tmp
2014-07-20 15:50 - 2014-07-20 15:50 - 0019488 _____ () C:\ProgramData\SPL647E.tmp
2015-01-01 18:19 - 2015-01-01 18:19 - 8873822 _____ () C:\ProgramData\SPL6AF6.tmp
2014-02-06 08:05 - 2014-02-06 08:05 - 0061752 _____ () C:\ProgramData\SPL6DDF.tmp
2014-12-18 23:48 - 2014-12-18 23:48 - 2115544 _____ () C:\ProgramData\SPL6EF9.tmp
2015-01-06 19:09 - 2015-01-06 19:09 - 2288496 _____ () C:\ProgramData\SPL704F.tmp
2015-07-27 09:40 - 2015-07-27 09:40 - 0808668 _____ () C:\ProgramData\SPL711.tmp
2015-01-30 23:46 - 2015-01-30 23:46 - 1459089 _____ () C:\ProgramData\SPL7320.tmp
2015-02-04 22:34 - 2015-02-04 22:34 - 30313749 _____ () C:\ProgramData\SPL7416.tmp
2014-01-21 18:45 - 2014-01-21 18:45 - 0011788 _____ () C:\ProgramData\SPL75AE.tmp
2015-01-27 20:12 - 2015-01-27 20:12 - 0074200 _____ () C:\ProgramData\SPL783D.tmp
2014-11-08 14:21 - 2014-11-08 14:21 - 0004056 _____ () C:\ProgramData\SPL7889.tmp
2014-07-14 07:32 - 2014-07-14 07:32 - 0021218 _____ () C:\ProgramData\SPL78E.tmp
2014-02-09 23:12 - 2014-02-09 23:12 - 0771721 _____ () C:\ProgramData\SPL7E72.tmp
2012-03-08 08:29 - 2012-03-08 08:29 - 0098381 _____ () C:\ProgramData\SPL7EFE.tmp
2015-06-09 10:22 - 2015-06-09 10:22 - 2756656 _____ () C:\ProgramData\SPL80B.tmp
2014-10-18 20:29 - 2014-10-18 20:29 - 1980740 _____ () C:\ProgramData\SPL82F5.tmp
2015-01-28 07:21 - 2015-01-28 07:21 - 2381966 _____ () C:\ProgramData\SPL83FF.tmp
2014-12-04 00:53 - 2014-12-04 00:53 - 0541472 _____ () C:\ProgramData\SPL84C.tmp
2015-01-01 13:28 - 2015-01-01 13:28 - 3787008 _____ () C:\ProgramData\SPL8576.tmp
2014-08-04 23:41 - 2014-08-04 23:41 - 0175528 _____ () C:\ProgramData\SPL8739.tmp
2015-01-12 15:11 - 2015-01-12 15:11 - 0131340 _____ () C:\ProgramData\SPL8E3B.tmp
2014-07-18 23:11 - 2014-07-18 23:11 - 0377026 _____ () C:\ProgramData\SPL908C.tmp
2014-03-30 21:50 - 2014-03-30 21:50 - 1459490 _____ () C:\ProgramData\SPL9362.tmp
2015-05-27 23:04 - 2015-05-27 23:04 - 0403448 _____ () C:\ProgramData\SPL9887.tmp
2014-11-24 23:41 - 2014-11-24 23:41 - 0801097 _____ () C:\ProgramData\SPL9981.tmp
2014-12-10 08:34 - 2014-12-10 08:34 - 0643013 _____ () C:\ProgramData\SPL9BF1.tmp
2014-07-28 22:59 - 2014-07-28 22:59 - 1732040 _____ () C:\ProgramData\SPL9C11.tmp
2015-04-02 20:58 - 2015-04-02 20:58 - 2645378 _____ () C:\ProgramData\SPL9ECA.tmp
2015-09-05 22:35 - 2015-09-05 22:35 - 0630651 _____ () C:\ProgramData\SPLA286.tmp
2015-03-24 22:37 - 2015-03-24 22:37 - 1643998 _____ () C:\ProgramData\SPLA43A.tmp
2015-04-13 14:46 - 2015-04-13 14:46 - 0934533 _____ () C:\ProgramData\SPLA5A2.tmp
2014-06-16 18:59 - 2014-06-16 18:59 - 0341936 _____ () C:\ProgramData\SPLA68B.tmp
2014-01-12 15:12 - 2014-01-12 15:12 - 0345836 _____ () C:\ProgramData\SPLA9B.tmp
2014-09-25 22:31 - 2014-09-25 22:31 - 0796825 _____ () C:\ProgramData\SPLADA.tmp
2015-04-10 15:01 - 2015-04-10 15:01 - 0398533 _____ () C:\ProgramData\SPLADCC.tmp
2015-02-17 23:58 - 2015-02-17 23:58 - 1774944 _____ () C:\ProgramData\SPLAEB6.tmp
2015-06-10 23:58 - 2015-06-10 23:58 - 0110056 _____ () C:\ProgramData\SPLAFB1.tmp
2014-12-19 17:10 - 2014-12-19 17:10 - 2854315 _____ () C:\ProgramData\SPLB376.tmp
2014-03-23 20:44 - 2014-03-23 20:44 - 0462398 _____ () C:\ProgramData\SPLB74D.tmp
2014-03-23 15:28 - 2014-03-23 15:28 - 0788892 _____ () C:\ProgramData\SPLBA98.tmp
2014-12-03 22:14 - 2014-12-03 22:14 - 0091292 _____ () C:\ProgramData\SPLBB07.tmp
2015-07-26 21:34 - 2015-07-26 21:34 - 3173085 _____ () C:\ProgramData\SPLBCBA.tmp
2014-03-31 09:01 - 2014-03-31 09:01 - 1523238 _____ () C:\ProgramData\SPLC11.tmp
2015-06-22 23:10 - 2015-06-22 23:10 - 0116628 _____ () C:\ProgramData\SPLC4A6.tmp
2014-02-02 22:28 - 2014-02-02 22:28 - 2982801 _____ () C:\ProgramData\SPLC4C5.tmp
2015-01-01 11:56 - 2015-01-01 11:56 - 2554710 _____ () C:\ProgramData\SPLC5DD.tmp
2015-03-04 00:16 - 2015-03-04 00:16 - 3078123 _____ () C:\ProgramData\SPLC84E.tmp
2015-05-16 22:40 - 2015-05-16 22:40 - 0317781 _____ () C:\ProgramData\SPLC8BB.tmp
2014-12-07 09:17 - 2014-12-07 09:17 - 45767354 _____ () C:\ProgramData\SPLC9B4.tmp
2015-03-06 23:44 - 2015-03-06 23:44 - 8407794 _____ () C:\ProgramData\SPLCB9A.tmp
2014-11-28 21:41 - 2014-11-28 21:41 - 0796879 _____ () C:\ProgramData\SPLCBE6.tmp
2014-02-24 22:50 - 2014-02-24 22:50 - 0047234 _____ () C:\ProgramData\SPLCC64.tmp
2014-04-13 23:09 - 2014-04-13 23:09 - 0059740 _____ () C:\ProgramData\SPLCC73.tmp
2015-03-31 12:52 - 2015-03-31 12:52 - 0896655 _____ () C:\ProgramData\SPLCCF1.tmp
2015-08-09 21:42 - 2015-08-09 21:42 - 0727532 _____ () C:\ProgramData\SPLD088.tmp
2014-10-28 22:20 - 2014-10-28 22:20 - 1150052 _____ () C:\ProgramData\SPLD195.tmp
2015-06-11 08:31 - 2015-06-11 08:31 - 0110056 _____ () C:\ProgramData\SPLD39.tmp
2015-02-17 15:52 - 2015-02-17 15:52 - 0048818 _____ () C:\ProgramData\SPLD3B5.tmp
2014-12-20 13:30 - 2014-12-20 13:30 - 1288616 _____ () C:\ProgramData\SPLD4DB.tmp
2015-07-09 22:39 - 2015-07-09 22:39 - 0374761 _____ () C:\ProgramData\SPLD5C8.tmp
2014-10-13 22:45 - 2014-10-13 22:45 - 2057312 _____ () C:\ProgramData\SPLD844.tmp
2015-06-14 00:17 - 2015-06-14 00:17 - 0399108 _____ () C:\ProgramData\SPLD895.tmp
2014-12-19 16:15 - 2014-12-19 16:15 - 1244795 _____ () C:\ProgramData\SPLDA1A.tmp
2014-11-29 22:57 - 2014-11-29 22:57 - 0325856 _____ () C:\ProgramData\SPLDA57.tmp
2014-07-13 19:40 - 2014-07-13 19:40 - 0031402 _____ () C:\ProgramData\SPLDA7A.tmp
2015-08-17 23:42 - 2015-08-17 23:42 - 0725160 _____ () C:\ProgramData\SPLDAC7.tmp
2014-07-29 22:06 - 2014-07-29 22:06 - 0016008 _____ () C:\ProgramData\SPLDAE4.tmp
2015-07-27 07:15 - 2015-07-27 07:15 - 0808668 _____ () C:\ProgramData\SPLDD25.tmp
2015-06-14 07:05 - 2015-06-14 07:05 - 0648803 _____ () C:\ProgramData\SPLDD28.tmp
2014-10-27 23:15 - 2014-10-27 23:15 - 0801682 _____ () C:\ProgramData\SPLDE25.tmp
2015-03-03 21:02 - 2015-03-03 21:02 - 0311692 _____ () C:\ProgramData\SPLDE8B.tmp
2015-01-13 23:30 - 2015-01-13 23:30 - 0057112 _____ () C:\ProgramData\SPLE070.tmp
2014-01-21 14:50 - 2014-01-21 14:50 - 0025644 _____ () C:\ProgramData\SPLE216.tmp
2014-08-18 22:17 - 2014-08-18 22:17 - 0669438 _____ () C:\ProgramData\SPLE408.tmp
2015-02-22 14:02 - 2015-02-22 14:02 - 2766911 _____ () C:\ProgramData\SPLE585.tmp
2015-06-08 23:41 - 2015-06-08 23:42 - 2756656 _____ () C:\ProgramData\SPLE81C.tmp
2013-12-16 23:58 - 2013-12-16 23:58 - 0809765 _____ () C:\ProgramData\SPLE8ED.tmp
2015-04-28 23:40 - 2015-04-28 23:40 - 0464988 _____ () C:\ProgramData\SPLE91A.tmp
2014-09-26 08:24 - 2014-09-26 08:24 - 6995880 _____ () C:\ProgramData\SPLEB96.tmp
2014-03-15 11:31 - 2014-03-15 11:31 - 1360342 _____ () C:\ProgramData\SPLEC62.tmp
2015-04-22 22:18 - 2015-04-22 22:18 - 0017660 _____ () C:\ProgramData\SPLEC91.tmp
2015-03-16 22:59 - 2015-03-16 22:59 - 1129620 _____ () C:\ProgramData\SPLEF1F.tmp
2015-03-04 00:18 - 2015-03-04 00:18 - 3372667 _____ () C:\ProgramData\SPLEF3E.tmp
2014-04-27 21:23 - 2014-04-27 21:24 - 42495848 _____ () C:\ProgramData\SPLF0E3.tmp
2015-07-09 19:26 - 2015-07-09 19:26 - 0028546 _____ () C:\ProgramData\SPLF2F5.tmp
2015-06-06 19:47 - 2015-06-06 19:47 - 1190336 _____ () C:\ProgramData\SPLF5F6.tmp
2014-09-19 22:41 - 2014-09-19 22:41 - 1248770 _____ () C:\ProgramData\SPLF862.tmp
2013-05-08 22:17 - 2013-05-08 22:17 - 0222660 _____ () C:\ProgramData\SPLF872.tmp
2015-01-03 00:54 - 2015-01-03 00:54 - 0196660 _____ () C:\ProgramData\SPLF891.tmp
2014-03-16 20:17 - 2014-03-16 20:17 - 0292219 _____ () C:\ProgramData\SPLF9C9.tmp
2014-05-17 14:29 - 2014-05-17 14:29 - 0027182 _____ () C:\ProgramData\SPLFB8F.tmp
2015-07-29 21:57 - 2015-07-29 21:57 - 2465328 _____ () C:\ProgramData\SPLFC0A.tmp
2015-08-09 20:41 - 2015-08-09 20:41 - 0542879 _____ () C:\ProgramData\SPLFCC3.tmp
2015-09-05 22:03 - 2015-09-05 22:03 - 1016054 _____ () C:\ProgramData\SPLFDBF.tmp
2014-12-14 23:38 - 2014-12-14 23:38 - 9891251 _____ () C:\ProgramData\SPLFE5B.tmp
C:\Users\Susan\AppData\Local\Temp\1raujmof.dll
C:\Users\Susan\AppData\Local\Temp\524179~1.exe
C:\Users\Susan\AppData\Local\Temp\abuyhdoo.dll
C:\Users\Susan\AppData\Local\Temp\aulauncher.exe
C:\Users\Susan\AppData\Local\Temp\btitkfsd.dll
C:\Users\Susan\AppData\Local\Temp\encknvfe.dll
C:\Users\Susan\AppData\Local\Temp\ikz96oaw.dll
C:\Users\Susan\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\Susan\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Susan\AppData\Local\Temp\nywq-rzp.dll
C:\Users\Susan\AppData\Local\Temp\qawshnps.dll
Task: {0CC543FE-6CCD-4E52-ADD6-3C4BEEB4FD3D} - System32\Tasks\OutstandinContr4 => C:\Users\Susan\AppData\Local\CrGrai87\Crseek.exe
Task: {0E1C0023-DE1E-48EF-BCF0-A34FE851FD5A} - System32\Tasks\ClutterHoriz7 => C:\Users\Susan\AppData\Local\CrGrai87\Crtransform.exe
Task: {5984CB33-624B-4163-B854-68B10B021348} - \PROPCCleaner_Start -> No File <==== ATTENTION
Task: C:\Windows\Tasks\ClutterHoriz7.job => C:\Users\Susan\AppData\Local\CrGrai87\Crtransform.exe
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...