
In Progress The famous StartupCheckLibrary.dll and winscomrssrv.dll

Discussion in 'Virus & Other Malware Removal' started by ndxc, Jan 15, 2020.

  1. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    I have a bad history with this trojan. Already got infected by it a few times, had to format my PC like three times recently.

    Then on 9th January I got infected again and decided to find a way to remove it or work around it somehow. I noticed it always deleted and/or blocked my Windows Defender, Windows Updates and any antivirus I had installed at the time. It also deleted any restore points I created, but this time I managed to restore it somehow. It wasn't through Windows 10 System Restore, but through the advanced restart, then restoring from there.

    Then, as expected, I got infected again since it was just a restore, and now I'd like your help to assist me in removing it without either restoring or formatting my PC, if possible.

    I also suspect what could be infecting me again and again, but unfortunately I can't remove the things I suspect because I need them. But if you could help me get rid of it once, I can at least learn the process and repeat it on my own when needed.
     

    Attached Files:

  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    706
    Hi ndxc, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.
    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  3. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    Done (y)
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    706
    Hi ndxc,

    Sorry for the delay.

    It looks like you may have pirated/cracked software on your computer. Not only is this type of software illegal in many places, it is a significant security risk. Viruses, malware, and spyware are often packaged with illegal software.
    Please remove any pirated software from your computer, then do the following:

    ---------------------------------------------------
    CKScanner

    Download CKScanner by askey127 from here

    Important: Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    ---------------------------------------------------

    In your next reply, please include:
    • CKFiles.txt
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,236
    Please open an Elevated Command Prompt window (on the Start screen, type "Command" - a Command Prompt icon will appear, right-click on it and select Run as Administrator) then at the prompt, type the following (be sure to include the spaces):

    Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

    After running the command, two files will appear on your desktop, report.txt and repfiles.cab. Please open the report.txt file in Notepad and copy and paste the contents here. The repfiles.cab is only a backup file and can be ignored for the time being.
     
  6. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    Hey, no problem. There you go:

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.1_none_8f03ecc82cf7c75c\ssh-keygen.exe
    scanner sequence 3.NA.11.OJAPLZ
    ----- EOF -----
     
  7. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    <DiagReport>
    <LicensingData>
    <ToolVersion>10.0.18362.1</ToolVersion>
    <LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
    <LicensingStatusReason>0x4004F401</LicensingStatusReason>
    <LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
    <LocalGenuineResultP>1</LocalGenuineResultP>
    <LastOnlineGenuineResult></LastOnlineGenuineResult>
    <GraceTimeMinutes>0</GraceTimeMinutes>
    <TotalGraceDays>0</TotalGraceDays>
    <ValidityExpiration></ValidityExpiration>
    <ActivePartialProductKey>3V66T</ActivePartialProductKey>
    <ActiveProductKeyPid2>00330-80000-00000-AA011</ActiveProductKeyPid2>
    <OSVersion>10.0.18363.2.00010100.0.0.048</OSVersion>
    <ProductName>Windows 10 Pro</ProductName>
    <ProcessorArchitecture>x64</ProcessorArchitecture>
    <EditionId>Professional</EditionId>
    <BuildLab>18362.19h1_release.190318-1202</BuildLab>
    <TimeZone>E. South America Standard Time(GMT-03:00)</TimeZone>
    <ActiveSkuId>4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c</ActiveSkuId>
    <ActiveSkuDescription>Windows(R) Operating System, RETAIL channel</ActiveSkuDescription>
    <ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
    <ActiveProductKeyPKeyId>3c40a285-2469-ae8d-e740-6be881cd3eb6</ActiveProductKeyPKeyId>
    <ActiveProductKeyPidEx>03612-03308-000-000000-00-1033-18363.0000-3452019</ActiveProductKeyPidEx>
    <ActiveProductKeyChannel>Retail</ActiveProductKeyChannel>
    <ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
    <OfflineInstallationId>541123331923363649820784860038665705378006049704454747410076484</OfflineInstallationId>
    <DomainJoined>false</DomainJoined>
    <ComputerSid>S-1-5-21-2543825520-2748629785-3538525464</ComputerSid>
    <ProductLCID>1033</ProductLCID>
    <UserLCID>1033</UserLCID>
    <SystemLCID>1033</SystemLCID>
    <CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
    <ServiceAvailable>true</ServiceAvailable>
    <OemMarkerVersion></OemMarkerVersion>
    <OemId></OemId>
    <OemTableId></OemTableId>
    <OA3ProductKey>0xC004F057</OA3ProductKey>
    <ActivationScenarioCode></ActivationScenarioCode>
    <ProductKeyCode></ProductKeyCode>
    <Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer>
    <Model>B360M AORUS Gaming 3</Model>
    <InstallDate>20191222143843.000000-180</InstallDate>
    </LicensingData>
    <HealthCheck>
    <Result>PASS</Result>
    <TamperedItems></TamperedItems>
    </HealthCheck>
    <GenuineAuthz>
    <ServerProps>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;&lt;genuineAuthorization xmlns=&quot;http://www.microsoft.com/DRM/SL/GenuineAuthorization/1.0&quot;&gt;&lt;version&gt;1.0&lt;/version&gt;&lt;genuineProperties origin=&quot;sppclient&quot;&gt;&lt;properties&gt;OA3xOriginalProductId=;OA3xOriginalProductKey=;SessionId=LicensingDiag;TimeStampClient=2020-01-20T16:04:37Z&lt;/properties&gt;&lt;signatures&gt;&lt;signature name=&quot;clientLockboxKey&quot; method=&quot;rsa-sha256&quot;&gt;wo5bXUCiAMezRIMm5Nsrup3LOEIn9z39MVYhWs2/+Zl9zsf2zOrY6F2D+0qPejYt/ZFq/qXcOBVbUHX53Emerzt+T4pgqspFvpT5p/LmiG12jS9/Fw/WJXTN+GgjIzUYfzsNjNdasX6JTFzJEbb6zmlvNWigS2BQdO4BaqsWy2s=&lt;/signature&gt;&lt;/signatures&gt;&lt;/genuineProperties&gt;&lt;/genuineAuthorization&gt;</ServerProps>
    </GenuineAuthz>
    </DiagReport>
     
  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    706
    Is the copy of Microsoft Office Professional Plus 2019 on your computer properly activated?
     
  9. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    Not really. Neither is Adobe Photoshop CC 2019. But as I said, I need that software on a daily basis and can't remove it or afford a legit activation.
    Everything else is legit though.
     
  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    706
    Hi ndxc,

    Apologies for the delay.

    Please note that during the cleaning procedure, the anti-malware tools we use may break pirated programs as they are often detected as malicious.
    Let me know if you're okay with this before we continue.
     
  11. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    Yes I'm ok with it, I want this malware gone for good, this is the most important.
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    706
    Hi ndxc,

    Do you recognize this Chrome extension?

    Do you recognize this installed program?

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      CloseProcesses:
      HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2020-01-15] (Microsoft Corporation) [File not signed]
      HKLM\...\Policies\Explorer: [HideSCAHealth] 1
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
      S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
      2020-01-15 09:58 - 2020-01-15 09:58 - 002619392 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartupCheckLibrary.dll
      2020-01-15 09:58 - 2020-01-15 09:58 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogui.exe
      2020-01-09 15:25 - 2020-01-09 15:25 - 000000000 ____D C:\Users\Gabriel\AppData\Roaming\Easeware
      2019-12-22 19:27 - 2019-12-11 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2019-12-22 19:27 - 2019-05-25 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
      ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
      ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
      ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
      ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
      ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
      ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
      ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
      ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
      ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
      CMD: Type "C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job"
      VirusTotal: C:\WINDOWS\System32\Drivers\smrtkrnl.sys
      ExportKey: HKLM\SOFTWARE\Policies\Google
      Folder: C:\ProgramData\SmartGuard
      EmptyTemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.


    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Let me know if the issue persists.
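
Added example, not part of the thread and not FRST's own code: a small triage pass over FRST-style lines that flags an autorun marked "[File not signed]" while claiming "Microsoft Corporation", any line FRST itself marked "<==== ATTENTION", and files created in the same folder at the same minute as that autorun's target. The line layout is inferred only from the entries quoted in this thread; the function name `triage` and the finding labels are hypothetical.

```python
import ntpath
import re

# Entries copied from the fixlist quoted in this thread.
SAMPLE = r"""HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2020-01-15] (Microsoft Corporation) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
2020-01-15 09:58 - 2020-01-15 09:58 - 002619392 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartupCheckLibrary.dll
2020-01-15 09:58 - 2020-01-15 09:58 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogui.exe
2019-12-22 19:27 - 2019-05-25 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
"""

# Run/RunOnce autorun: key: [name] => path [size date] (company) flags
RUN_RE = re.compile(
    r'^HK\w+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<path>.+?) '
    r'\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\)(?P<flags>.*)$')

# File listing: created - modified - size attrs (company) path
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ [_A-Z]{5} '
    r'(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$')


def triage(log_text):
    """Return (label, detail) findings for FRST-style log lines."""
    autoruns, files, findings = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if "<==== ATTENTION" in line:
            # Marker written by the tool itself; keep the entry, drop the marker.
            findings.append(("flagged-by-frst", line.split(" <====")[0]))
        m = RUN_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())

    for run in autoruns:
        # A binary whose version info names Microsoft but carries no
        # signature is the mismatch visible in the winlogui entry.
        if "[File not signed]" not in run["flags"]:
            continue
        if run["company"] != "Microsoft Corporation":
            continue
        findings.append(("unsigned-autorun-claims-microsoft", run["path"]))

        # Windows paths are case-insensitive, so compare lowercased.
        target = run["path"].lower()
        folder = ntpath.dirname(target)
        created = {f["created"] for f in files if f["path"].lower() == target}
        for f in files:
            p = f["path"].lower()
            if (p != target and f["created"] in created
                    and ntpath.dirname(p) == folder):
                findings.append(("created-with-unsigned-autorun", f["path"]))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE):
        print(f"{label}: {detail}")
```

A finding here is a lead for review, not a verdict: the signature status comes from the log line, so confirm it on the machine before acting on it.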
     
  13. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    The Chrome extension I remember installing a few years ago but I don't really use it, I can remove it if you're suspicious. The Bradesco software is something required from my bank to be able to do online transactions and things like that, it was downloaded directly from the bank website, it's harmless.

    I think the issue still persists, at least partially. According to the attached picture from the Malwarebytes scan I did after running Farbar Recovery Scan Tool - Fix, it seems like the trojans are gone but the registry's still corrupted. I tried to access Windows Security and all I saw was a blank page, just like before the Farbar Fix. Windows Updates are also still failing and my ESET NOD32 Antivirus is still nowhere to be found.

    Fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2020
    Ran by Gabriel (30-01-2020 12:48:43) Run:1
    Running from S:\
    Loaded Profiles: Gabriel (Available Profiles: Gabriel)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2020-01-15] (Microsoft Corporation) [File not signed]
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
    S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
    2020-01-15 09:58 - 2020-01-15 09:58 - 002619392 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartupCheckLibrary.dll
    2020-01-15 09:58 - 2020-01-15 09:58 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogui.exe
    2020-01-09 15:25 - 2020-01-09 15:25 - 000000000 ____D C:\Users\Gabriel\AppData\Roaming\Easeware
    2019-12-22 19:27 - 2019-12-11 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
    2019-12-22 19:27 - 2019-05-25 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
    ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
    CMD: Type "C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job"
    VirusTotal: C:\WINDOWS\System32\Drivers\smrtkrnl.sys
    ExportKey: HKLM\SOFTWARE\Policies\Google
    Folder: C:\ProgramData\SmartGuard
    EmptyTemp:

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\winlogui" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    HKLM\System\CurrentControlSet\Services\ekrn => removed successfully
    ekrn => service removed successfully
    HKLM\System\CurrentControlSet\Services\ekrnEpfw => removed successfully
    ekrnEpfw => service removed successfully
    C:\WINDOWS\system32\StartupCheckLibrary.dll => moved successfully
    C:\WINDOWS\system32\winlogui.exe => moved successfully
    C:\Users\Gabriel\AppData\Roaming\Easeware => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico => moved successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
    "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
    HKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D} => removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully

    ========= Type "C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" =========


    ôbŠY$D˜·ŠÁCöF Ô <
    s C : \ W I N D O W S \ e x p l o r e r . e x e / N O U A C C H E C K E x p l o r e r S h e l l U n e l e v a t e d
    ========= End of CMD: =========

    VirusTotal: C:\WINDOWS\System32\Drivers\smrtkrnl.sys => https://www.virustotal.com/file/535...22173534f9425c841caa03c1/analysis/1576527101/
    ================== ExportKey: ===================

    [HKLM\SOFTWARE\Policies\Google]
    [HKLM\SOFTWARE\Policies\Google\Chrome]
    "EnableCommonNameFallbackForLocalAnchors"="1"

    === End of ExportKey ===

    ========================= Folder: C:\ProgramData\SmartGuard ========================

    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\06caed2d2f22d08c68d304fde9d08de3c6a5a525
    2020-01-10 11:51 - 2020-01-10 11:51 - 007166816 ____A [5E76960CC512AEED63096C3BA836D58F] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\06caed2d2f22d08c68d304fde9d08de3c6a5a525\afa040657eea9d0b.bin
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\3aabd9c818c45785a8c4129fccb5664abb4877c2
    2020-01-10 11:51 - 2020-01-10 11:51 - 000033432 ____A [7846A67943BD892FC18408B899258E55] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\3aabd9c818c45785a8c4129fccb5664abb4877c2\7d7690b903fe8372.bin
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\d5e5a7d42c7f7506a7578c5dd04c98c71bf82c77
    2020-01-10 11:51 - 2020-01-10 11:51 - 005268832 ____A [6CF91A1A48BC1152F91F125810326831] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\d5e5a7d42c7f7506a7578c5dd04c98c71bf82c77\smrt64.exe
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\e6faec4029e859da6c12b982e144d0117ae8c763
    2020-01-10 11:51 - 2020-01-10 11:51 - 006616416 ____A [DDD4458E8AE62951F056C84CB88F94D6] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\e6faec4029e859da6c12b982e144d0117ae8c763\smrtsvc64.exe
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Index
    2020-01-10 11:51 - 2020-01-25 15:44 - 000000587 ____A [A9C0CFC2EC3609B596493A5B6DF73B14] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Index\5c11c7dc969e723e851612f346a3ddaad2617efd
    2020-01-10 11:51 - 2020-01-10 11:51 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Temp
    2020-01-10 11:51 - 2020-01-10 11:51 - 007166816 ____A [4D2963D60ED5CB62CCB62548449F2A0A] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Temp\06caed2d2f22d08c68d304fde9d08de3c6a5a525
    2020-01-10 11:51 - 2020-01-10 11:51 - 000033432 ____A [EAE57E5226290FE3529C9ED168F6EAAD] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Temp\3aabd9c818c45785a8c4129fccb5664abb4877c2
    2020-01-10 11:51 - 2020-01-10 11:51 - 005268832 ____A [5BE7170DA4BFCC0D62FBA6F2F4772614] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Temp\d5e5a7d42c7f7506a7578c5dd04c98c71bf82c77
    2020-01-10 11:51 - 2020-01-10 11:51 - 006616416 ____A [5198EADD4BFDDD223F155FC5392CE5D5] () C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Temp\e6faec4029e859da6c12b982e144d0117ae8c763

    ====== End of Folder: ======


    =========== EmptyTemp: ==========

    BITS transfer queue => 8937472 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 203139672 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 10809349 B
    Edge => 79257786 B
    Chrome => 685420102 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 97894 B
    NetworkService => 103514 B
    Gabriel => 83268569 B

    RecycleBin => 809951 B
    EmptyTemp: => 1022.2 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:49:19 ====
     

    Attached Files:

  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    706
    Hi ndxc,

    Please run a new scan with FRST and copy/paste both reports to your reply.
     
  15. ndxc

    ndxc Thread Starter

    Joined:
    Jan 9, 2020
    Messages:
    15
    What do you mean by both? That first Fixlog.txt I already posted and the new report of Fixlog.txt that I'm going to scan?
    Also should I Ctrl + C that code box you showed me for the new FRST scan to be performed or not?
     

Short URL to this thread: https://techguy.org/1238767
