In Progress Quardata folder

stkwPete

Thread Starter
Joined
May 21, 2020
Messages
4
First Name
Peter
I have a QUARDATA directory on my desktop which has appeared out of nowhere.

PROPERTIES OF THE DIRECTORY -
[Attached image: 1590112984869.png]

My system details -
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 18362, Installed 20190823184420.000000+600
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz, Intel64 Family 6 Model 23 Stepping 10, CPU Count: 2
Total Physical RAM: 3 GB
Graphics Card: Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM 1.0), 256 MB
Hard Drives: C: 231 GB (20 GB Free); D: 465 GB (449 GB Free);
Motherboard: Gigabyte Technology Co., Ltd. G31M-S2L
System: Award Software International, Inc., ver GBT - 42302e31
Antivirus: Norton 360, Enabled and Updated
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
316
Hi, stkwPete.

Welcome to TSG Forums.

I'm DR M and I will be assisting you with your computer.

Please keep in mind during the cleaning procedure:

1. Do not run any tool unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

2. Always ask before you act. Do not continue if you are not sure, or if something unexpected happens.

3. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

=======================================================================

Let's start.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If you get a message that the tool is malware, ignore it. It's a false-positive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
316
Hi, stkwPete.

Thanks for the logs.

I will review them tomorrow. It is already 01:00 here. 🙂
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
316
Hi, stkwPete.

You said that you see the Quardata folder on your Desktop? It's not shown in the logs however.

Let's do some cleaning:

1. A question first:

Did you intentionally enable notifications from these sites?

Code:
hxxps://app.gotowebinar.com;
hxxps://aumysteryshopper.com.au;
hxxps://changiairport.os.tc;
hxxps://dealwiki.net;
hxxps://fly.virginaustralia.com;
hxxps://healthengine.com.au;
hxxps://mashable.com;
hxxps://people.com;
hxxps://producttesting.com.au;
hxxps://www.blindscity.com.au;
hxxps://www.garuda-indonesia.com;
hxxps://www.gumtree.com.au;
hxxps://www.kogan.com;
hxxps://www.oneflare.com.au;
hxxps://www.platypusshoes.com.au;
hxxps://www.pricecheck.co.za;
hxxps://www.techradar.com;
hxxps://www.theathletesfoot.com.au

2. Remove a Chrome extension

  • Type chrome://extensions in the address bar and press Enter.
  • Click Remove under the extension you'd like to completely remove. In your case: Ask Web Search
  • A confirmation dialog appears. Click Remove.

3. Run FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-601134893-2736449416-3837295113-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=AU&ver=22.20.2.57&locale=AU_en&guid=B0DD5857-0533-4D72-B154-28054F70C286&doi=2016-09-01&o=APN11913&cmpgn=mar20&gct=kwd&qsrc=2869
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&enableSearch=true&rdrct=no&redirect=CPC
CHR DefaultSearchKeyword: Default -> ask
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}&enableSearch=true&rdrct=no
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. Run MBAM
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

5. Run AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found).
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply, please make sure to post:
  1. The Fixlog.txt content
  2. The MBAM report
  3. AdwCleaner[S0*].txt
  4. Your reply about the notifications
 

stkwPete

Thread Starter
Joined
May 21, 2020
Messages
4
First Name
Peter
Dear Dr M


Thanks for your prescribed list of tasks to clean up my PC.

I have had issues and therefore not progressed these.

Firstly, in the initial report of my problem, I indicated the “QUARDATA directory on my desktop”.

In saying “desktop”, I meant my office / desk bound computer (versus laptop etc.) rather than the Windows Desktop folder / screen.

Quardata directory actually appears among my own directories, as shown in attachment.

Upon receiving your first instruction to install FRST, I did so. It downloaded an exe which I ran after ignoring the warnings. This created a FRST directory, with a “Logs” subdirectory in which your two log files appeared after I ran the Scan option on FRST’s GUI. I sent the logs back to you.

Upon receiving your “Sunday at 7:36am” message, I could not find an exe for FRST anywhere in my system. The program’s directory and sub directories etc. still existed, but there was no program to execute (FRST.exe or similar) anywhere, not in the FRST directories, not in the Windows Desktop, not in the Windows Programs and features list.

Not sure how I fouled this.

I have redownloaded FRST and rerun the scan. I have its GUI still open and will try to leave it that way (just by putting the system to sleep when not in use) until I hear back. Please indicate whether I can progress your Tuesday at 1:13am instructions, or I need to do something else.

Apologies for all this nuisance.
 


DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
316
Hello.

Thank you for describing the issue.

Yes, please. Go on with the instructions in my previous post.
 
