January 12th, 2017, 11:48 AM
Shirley Jester
CTH Subscriber
 
Join Date: Jun 2010
O/S: Windows 7 64-bit
Location: Seattle
Posts: 80
Strangeness. Very slow PowerPoint load, then mystery doc file appears

then abrupt closing of Chrome and docs files after reboot

OTL logfile created on: 1/12/2017 2:13:35 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zibnordt\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18537)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

32.00 Gb Total Physical Memory | 28.74 Gb Available Physical Memory | 89.81% Memory free
63.99 Gb Paging File | 60.87 Gb Available in Paging File | 95.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1651.05 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: ZIBNORDT-PC | User Name: Zibnordt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2017/01/12 01:00:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zibnordt\Downloads\OTL.exe
PRC - [2016/12/19 22:38:14 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016/11/15 04:10:57 | 009,080,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/11/07 16:06:00 | 000,197,128 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/01 12:36:32 | 000,067,944 | ---- | M] (Robert McNeel & Associates) -- c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
PRC - [2014/10/29 22:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Zibnordt\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/09/18 17:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/11/21 04:50:00 | 008,443,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2012/11/21 04:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012/07/09 16:01:12 | 000,863,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/07/09 16:01:10 | 000,502,952 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/10/01 16:28:56 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2016/11/07 16:08:31 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/11/07 16:06:07 | 000,482,928 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016/11/07 16:06:02 | 000,169,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2016/12/02 00:32:10 | 001,595,400 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2016/11/12 11:08:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016/11/10 09:20:56 | 000,121,344 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV:64bit: - [2016/11/07 16:06:00 | 000,197,128 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2016/08/22 08:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/05/21 09:35:14 | 004,630,352 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/09 12:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/01/13 23:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017/01/10 00:53:19 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/12/19 22:38:14 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/11/29 22:34:16 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2016/11/08 00:52:17 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/01 12:36:32 | 000,067,944 | ---- | M] (Robert McNeel & Associates) [Auto | Running] -- c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe -- (McNeelUpdate)
SRV - [2014/09/18 17:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/11/21 04:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/11/07 16:11:32 | 000,293,352 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2016/11/07 16:11:29 | 000,513,632 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2016/11/07 16:11:25 | 000,969,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2016/11/07 16:08:39 | 000,163,416 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016/11/07 16:08:37 | 000,108,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2016/11/07 16:08:37 | 000,074,544 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2016/11/07 16:08:37 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016/11/07 16:08:36 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016/11/07 16:05:19 | 000,037,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/05/21 09:35:12 | 000,170,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2015/05/21 09:35:10 | 000,072,664 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2015/01/01 13:20:47 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/11/26 03:53:26 | 000,331,608 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2014/11/26 03:53:24 | 000,303,624 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2014/11/26 03:53:24 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2014/11/26 03:53:22 | 000,091,784 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/30 18:56:54 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NE_UsbDriver_Win64.sys -- (WinDriver6)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/01 12:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 AA 91 D6 4B 14 D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 2D 24 C7 BD AF 61 D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Twitter"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.seattletimes.com/html/home/index.html"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Zibnordt\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SAFEPRICE\FF [2016/11/07 16:09:02 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2016/11/07 16:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/11/07 16:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/11/07 16:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/12/09 23:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Extensions
[2016/11/07 14:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Firefox\Profiles\vly226k0.default-1478558352547\extensions
[2016/11/07 14:46:32 | 000,023,373 | ---- | M] () (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Firefox\Profiles\vly226k0.default-1478558352547\extensions\firefox-hotfix@mozilla.org.xpi
[2016/11/08 14:46:33 | 000,006,253 | ---- | M] () (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Firefox\Profiles\vly226k0.default-1478558352547\features\{7f2e923f-6db6-48e1-af52-ed49386e4c02}\e10srollout@mozilla.org.xpi
[2016/11/08 14:46:33 | 000,838,245 | ---- | M] () (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Firefox\Profiles\vly226k0.default-1478558352547\features\{7f2e923f-6db6-48e1-af52-ed49386e4c02}\firefox@getpocket.com.xpi
[2016/11/08 14:46:33 | 000,005,391 | ---- | M] () (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Firefox\Profiles\vly226k0.default-1478558352547\features\{7f2e923f-6db6-48e1-af52-ed49386e4c02}\loop@mozilla.org.xpi
[2016/11/08 14:46:33 | 000,005,745 | ---- | M] () (No name found) -- C:\Users\Zibnordt\AppData\Roaming\Mozilla\Firefox\Profiles\vly226k0.default-1478558352547\features\{7f2e923f-6db6-48e1-af52-ed49386e4c02}\websensehelper@mozilla.org.xpi
[2016/12/20 23:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\12.0.155_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\12.0.163_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Zibnordt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Zibnordt\AppData\Local\Akamai\netsession_ win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHCA.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7510 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A163F50-B942-4D76-BC46-DE5EE6192423}: DhcpNameServer = 10.0.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2016/12/04 21:42:54 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/12/30 08:45:28 | 000,000,000 | ---D | C] -- C:\Users\Zibnordt\AppData\Roaming\NextEngine
[2016/12/30 08:35:58 | 000,000,000 | ---D | C] -- C:\Users\Zibnordt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NextEngine
[2016/12/30 08:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NextEngine
[2016/12/29 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\Zibnordt\AppData\Local\NextEngine
[2016/12/29 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\Zibnordt\Documents\My 3D
[2016/12/29 00:50:00 | 000,158,208 | ---- | C] (Jungo) -- C:\Windows\SysNative\wdapi1020.dll
[2016/12/29 00:50:00 | 000,147,456 | ---- | C] (Jungo) -- C:\Windows\SysWow64\wdapi1020.dll
[2016/12/29 00:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NextEngine
[2016/12/29 00:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\NextEngine
[2016/12/29 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\Zibnordt\Documents\RapidWorks64 2.3.5
[2016/12/29 00:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INUS Technology
[2016/12/29 00:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\INUS Technology
[2016/12/24 02:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NextEngine
[2016/12/24 02:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bcgsoft
[2016/12/24 02:34:08 | 000,000,000 | ---D | C] -- C:\Users\Zibnordt\Documents\RapidWorks64 3.5.1
[2016/12/24 02:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Rapidform

========== Files - Modified Within 30 Days ==========

[2017/01/12 02:13:17 | 000,000,580 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3264895901-1639894350-3704061418-1000.job
[2017/01/12 01:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017/01/12 00:38:02 | 000,000,676 | ---- | M] () -- C:\Windows\tasks\G2MUploadTask-S-1-5-21-3264895901-1639894350-3704061418-1000.job
[2017/01/12 00:12:44 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017/01/11 23:23:29 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/01/11 23:23:29 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/01/11 23:22:09 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/01/11 23:22:09 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/01/11 23:22:09 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/01/11 23:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/01/11 23:15:04 | 4293,119,995 | -HS- | M] () -- C:\hiberfil.sys
[2017/01/10 06:17:42 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2017/01/10 03:04:27 | 000,773,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/01/08 19:05:18 | 000,000,051 | ---- | M] () -- C:\Windows\mwMSimApp.INI
[2016/12/29 01:31:17 | 000,000,231 | ---- | M] () -- C:\Windows\rfCommonBase.INI
[2016/12/29 00:50:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ScanStudio HD.lnk
[2016/12/29 00:29:22 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\RapidWorks 64 2.3.5.lnk
[2016/12/18 02:39:15 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/12/15 11:15:54 | 000,314,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2017/01/10 06:17:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2016/12/29 00:50:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ScanStudio HD.lnk
[2016/12/29 00:29:22 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\RapidWorks 64 2.3.5.lnk
[2016/12/24 02:34:16 | 000,000,231 | ---- | C] () -- C:\Windows\rfCommonBase.INI
[2016/12/18 02:39:15 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/11/07 17:08:59 | 000,000,218 | ---- | C] () -- C:\Users\Zibnordt\AppData\Local\recently-used.xbel
[2015/07/22 20:16:46 | 000,000,079 | ---- | C] () -- C:\Windows\EW7510.ini
[2015/06/04 06:26:20 | 000,000,051 | ---- | C] () -- C:\Windows\mwMSimApp.INI
[2015/05/10 02:32:38 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2015/03/13 23:06:51 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2015/02/24 20:33:24 | 000,000,500 | ---- | C] () -- C:\Windows\SysWow64\drivers\dcompbg270.dat
[2015/02/24 20:33:24 | 000,000,500 | ---- | C] () -- C:\Windows\d_iclink236.ini
[2015/02/24 20:33:23 | 000,000,500 | ---- | C] () -- C:\Windows\i_iclink599.ini
[2015/02/24 20:33:23 | 000,000,500 | ---- | C] () -- C:\Windows\SysWow64\drivers\fcompbg392.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/29 07:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/29 07:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2016/12/04 22:01:26 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Autodesk
[2014/12/09 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\AVAST Software
[2015/06/18 04:08:13 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\CadSoft
[2014/12/27 08:22:58 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\DassaultSystemes
[2015/08/09 12:20:29 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Delcam
[2016/12/02 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\DraftSight
[2014/12/29 20:02:38 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\EDrawings
[2015/07/29 20:01:31 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Epson
[2016/11/29 00:48:14 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\inkscape
[2016/11/07 17:10:03 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\kicad
[2015/07/29 20:01:32 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Leader Technologies
[2015/07/22 20:45:41 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Leadertech
[2014/12/24 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Mastercam
[2015/02/24 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\McNeel
[2016/12/30 08:45:28 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\NextEngine
[2014/12/11 09:55:36 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\OpenOffice
[2015/07/30 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Polar Engineering
[2015/06/16 22:29:50 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\PTC
[2015/06/16 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\PTC Download
[2015/05/26 15:15:50 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Python
[2015/03/16 07:23:19 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\SketchUp
[2015/05/24 16:39:37 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\TechSmith
[2015/06/17 16:45:40 | 000,000,000 | ---D | M] -- C:\Users\Zibnordt\AppData\Roaming\Wings3D

========== Purity Check ==========



< End of report >


  #2  
Old January 13th, 2017, 12:47 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Howdy Shirley Jester.

Where did this mystery doc file appear, and why do you consider it a mystery? Closing of doc files after a reboot?


The OTL log you posted shows part of what we like to see, but I'll need to see a more recent scan to check things there, so sorry about having to post extra.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  #3  
Old January 13th, 2017, 01:40 AM
Shirley Jester Shirley Jester is offline
CTH Subscriber
 
Join Date: Jun 2010
O/S: Windows 7 64-bit
Location: Seattle
Posts: 80
"Where did this mystery doc file appear, and why do you consider it a mystery?"

The mystery doc appeared in a folder named so it is first in the folders list, in Windows Explorer, below "Local Disk (C:)".

New docs I create go into this folder. I use this folder all the time. That is how I could easily spot something different. I often create files with a date file name, like "1-17", meaning month and year. Sometimes month-day-year.

The mystery file name is "JUNE 1 10". If I've used that format, it hasn't been in a long time. Creation date/time was 1/10/2017 9:29 pm. I was not using the computer at that time and no one else was.

"Closing of doc files after a reboot?"

After the creation of the mystery file, and before I had found it, I was going thru a bunch of downloaded files (PDFs, PowerPoint, Docs): renaming, deleting duplicates, etc.
Tried opening a 52M PowerPoint. It seemed to be VERY slow. Maybe it was just the size. I tried stopping it several times with the "X" in top right corner, and Alt-F4. Went to Task Manager, could not find it. Maybe it was there and I missed it...

Then I shut down the computer with the power button. Waited 1 minute.

On power up Windows gave options for booting, I said Normal.
Went about searching web with Chrome and exploring/creating/adding to documents.
Not for very long, 5 minutes? Then all Chrome pages and documents disappeared, shut down. I was looking at my desktop, nothing else appeared out of place.

That's when I found the mystery doc. Ran Avast scan, nothing. Ran Malwarebytes, nothing.

AND, I took AnnMarie's advice "Just a wee reminder to folk", and ran System Restore.....
  #4  
Old January 13th, 2017, 11:34 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
You ran System Restore, and........?
All times are GMT +1.