VIRUS ?

Viruses and worms
1

These .wav files started appearing in System 32 a few days ago.
If I delete them they just come back.
Am I infected ?
See picture—

http://s6.postimg.org/44jlfjmfl/screenshot_403.jpg

Any help would be appreciated. :slight_smile:

2

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

3

Are you doing anything with sound ?
e.g. ripping cd’s/dvd’s, removing noise from recordings or anything like that ?

4

OK.
I’ll work on it & get back here. :slight_smile:

5

No.
I ran Avast virus check & it found nothing.

6
Am I infected ?
Suspicious file(s) can be uploaded and checked here www.virustotal.com / www.metadefender.com / www.jotti.org

If it ask to see last report. click rescan for a fresh result

7

Find attached the requested files.

8

OK, now you’ve to wait a bit…

9
  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad.
Start

Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs [2014-01-13] ()
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs
C:\Users\David\setup.exe
IE trusted site: HKU\S-1-5-21-1924258711-939055155-1334565722-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1924258711-939055155-1334565722-1002\...\clickfast.net -> cds.clickfast.net
2017-07-14 06:18 - 2017-07-14 06:18 - 02342468 _____ C:\WINDOWS\system32\2017.07.14_06.18.34_700.RenSFX.29DC8028.OUT.wav
2017-07-14 06:18 - 2017-07-14 06:18 - 02342468 _____ C:\WINDOWS\system32\2017.07.14_06.18.34_700.RenSFX.29DC8028.IN.wav
2017-07-14 06:18 - 2017-07-14 06:18 - 02342468 _____ C:\WINDOWS\system32\2017.07.14_06.18.34_606.RenMFX.29BA0098.OUT.wav
2017-07-14 06:18 - 2017-07-14 06:18 - 02342468 _____ C:\WINDOWS\system32\2017.07.14_06.18.34_606.RenMFX.29BA0098.IN.wav
2017-07-14 06:18 - 2017-07-14 06:18 - 02342468 _____ C:\WINDOWS\system32\2017.07.14_06.18.34_569.RenEFX.29790098.IN.wav
2017-07-14 06:18 - 2017-07-14 06:18 - 02342446 _____ C:\WINDOWS\system32\2017.07.14_06.18.34_569.RenEFX.29790098.OUT.wav
2017-07-14 05:36 - 2017-07-14 06:10 - 788544068 _____ C:\WINDOWS\system32\2017.07.14_05.36.21_831.RenSFX.23DA5E38.OUT.wav
2017-07-14 05:36 - 2017-07-14 06:10 - 788544068 _____ C:\WINDOWS\system32\2017.07.14_05.36.21_831.RenSFX.23DA5E38.IN.wav
2017-07-14 05:36 - 2017-07-14 06:10 - 788544068 _____ C:\WINDOWS\system32\2017.07.14_05.36.21_806.RenMFX.23CFFC58.OUT.wav
2017-07-14 05:36 - 2017-07-14 06:10 - 788544068 _____ C:\WINDOWS\system32\2017.07.14_05.36.21_806.RenMFX.23CFFC58.IN.wav
2017-07-14 05:36 - 2017-07-14 06:10 - 788544068 _____ C:\WINDOWS\system32\2017.07.14_05.36.21_783.RenEFX.23660098.IN.wav
2017-07-14 05:36 - 2017-07-14 06:10 - 788544046 _____ C:\WINDOWS\system32\2017.07.14_05.36.21_783.RenEFX.23660098.OUT.wav
2017-07-14 05:29 - 2017-07-14 05:35 - 132967748 _____ C:\WINDOWS\system32\2017.07.14_05.29.23_646.RenSFX.23D19038.OUT.wav
2017-07-14 05:29 - 2017-07-14 05:35 - 132967748 _____ C:\WINDOWS\system32\2017.07.14_05.29.23_646.RenSFX.23D19038.IN.wav
2017-07-14 05:29 - 2017-07-14 05:35 - 132967748 _____ C:\WINDOWS\system32\2017.07.14_05.29.23_499.RenMFX.23AF0098.OUT.wav
2017-07-14 05:29 - 2017-07-14 05:35 - 132967748 _____ C:\WINDOWS\system32\2017.07.14_05.29.23_499.RenMFX.23AF0098.IN.wav
2017-07-14 05:29 - 2017-07-14 05:35 - 132967748 _____ C:\WINDOWS\system32\2017.07.14_05.29.23_416.RenEFX.23660098.IN.wav
2017-07-14 05:29 - 2017-07-14 05:35 - 132967726 _____ C:\WINDOWS\system32\2017.07.14_05.29.23_416.RenEFX.23660098.OUT.wav
2017-07-14 05:16 - 2017-07-14 05:16 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_05.16.44_230.RenSFX.A5BE8028.OUT.wav
2017-07-14 05:16 - 2017-07-14 05:16 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_05.16.44_230.RenSFX.A5BE8028.IN.wav
2017-07-14 05:16 - 2017-07-14 05:16 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_05.16.44_195.RenMFX.A59C0098.OUT.wav
2017-07-14 05:16 - 2017-07-14 05:16 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_05.16.44_195.RenMFX.A59C0098.IN.wav
2017-07-14 05:16 - 2017-07-14 05:16 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_05.16.44_167.RenEFX.A55B0098.IN.wav
2017-07-14 05:16 - 2017-07-14 05:16 - 00000046 _____ C:\WINDOWS\system32\2017.07.14_05.16.44_167.RenEFX.A55B0098.OUT.wav
2017-07-14 04:58 - 2017-07-14 04:58 - 00468548 _____ C:\WINDOWS\system32\2017.07.14_04.58.39_982.RenSFX.A1C98028.OUT.wav
2017-07-14 04:58 - 2017-07-14 04:58 - 00468548 _____ C:\WINDOWS\system32\2017.07.14_04.58.39_982.RenSFX.A1C98028.IN.wav
2017-07-14 04:58 - 2017-07-14 04:58 - 00468548 _____ C:\WINDOWS\system32\2017.07.14_04.58.39_850.RenMFX.A1A70098.OUT.wav
2017-07-14 04:58 - 2017-07-14 04:58 - 00468548 _____ C:\WINDOWS\system32\2017.07.14_04.58.39_850.RenMFX.A1A70098.IN.wav
2017-07-14 04:58 - 2017-07-14 04:58 - 00468548 _____ C:\WINDOWS\system32\2017.07.14_04.58.39_812.RenEFX.A1660098.IN.wav
2017-07-14 04:58 - 2017-07-14 04:58 - 00468526 _____ C:\WINDOWS\system32\2017.07.14_04.58.39_812.RenEFX.A1660098.OUT.wav
2017-07-13 21:49 - 2017-07-13 21:49 - 00107588 _____ C:\WINDOWS\system32\2017.07.13_21.49.14_970.RenSFX.43E9C008.OUT.wav
2017-07-13 21:49 - 2017-07-13 21:49 - 00107588 _____ C:\WINDOWS\system32\2017.07.13_21.49.14_867.RenMFX.43F176B8.OUT.wav
2017-07-13 21:49 - 2017-07-13 21:49 - 00107588 _____ C:\WINDOWS\system32\2017.07.13_21.49.14_867.RenMFX.43F176B8.IN.wav
2017-07-13 21:49 - 2017-07-13 21:49 - 00107588 _____ C:\WINDOWS\system32\2017.07.13_21.49.14_842.RenEFX.43D10098.IN.wav
2017-07-13 21:49 - 2017-07-13 21:49 - 00107566 _____ C:\WINDOWS\system32\2017.07.13_21.49.14_842.RenEFX.43D10098.OUT.wav
2017-07-13 21:49 - 2017-07-13 21:49 - 00053828 _____ C:\WINDOWS\system32\2017.07.13_21.49.14_970.RenSFX.43E9C008.IN.wav
2017-07-13 21:23 - 2017-07-13 21:47 - 547077188 _____ C:\WINDOWS\system32\2017.07.13_21.23.43_228.RenSFX.4451D728.OUT.wav
2017-07-13 21:23 - 2017-07-13 21:47 - 547077188 _____ C:\WINDOWS\system32\2017.07.13_21.23.43_228.RenSFX.4451D728.IN.wav
2017-07-13 21:23 - 2017-07-13 21:47 - 547077188 _____ C:\WINDOWS\system32\2017.07.13_21.23.43_204.RenMFX.43F0FA88.OUT.wav
2017-07-13 21:23 - 2017-07-13 21:47 - 547077188 _____ C:\WINDOWS\system32\2017.07.13_21.23.43_204.RenMFX.43F0FA88.IN.wav
2017-07-13 21:23 - 2017-07-13 21:47 - 547077188 _____ C:\WINDOWS\system32\2017.07.13_21.23.43_177.RenEFX.43D10098.IN.wav
2017-07-13 21:23 - 2017-07-13 21:47 - 547077166 _____ C:\WINDOWS\system32\2017.07.13_21.23.43_177.RenEFX.43D10098.OUT.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00917828 _____ C:\WINDOWS\system32\2017.07.13_21.18.55_665.RenSFX.43DE3A28.OUT.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00917828 _____ C:\WINDOWS\system32\2017.07.13_21.18.55_665.RenSFX.43DE3A28.IN.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00917828 _____ C:\WINDOWS\system32\2017.07.13_21.18.55_461.RenMFX.442498B8.OUT.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00917828 _____ C:\WINDOWS\system32\2017.07.13_21.18.55_461.RenMFX.442498B8.IN.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00917828 _____ C:\WINDOWS\system32\2017.07.13_21.18.55_392.RenEFX.43D10098.IN.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00917806 _____ C:\WINDOWS\system32\2017.07.13_21.18.55_392.RenEFX.43D10098.OUT.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00668228 _____ C:\WINDOWS\system32\2017.07.13_21.18.36_364.RenSFX.4433B758.OUT.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00668228 _____ C:\WINDOWS\system32\2017.07.13_21.18.36_364.RenSFX.4433B758.IN.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00668228 _____ C:\WINDOWS\system32\2017.07.13_21.18.36_267.RenMFX.4413F828.OUT.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00668228 _____ C:\WINDOWS\system32\2017.07.13_21.18.36_267.RenMFX.4413F828.IN.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00668228 _____ C:\WINDOWS\system32\2017.07.13_21.18.36_095.RenEFX.43D10098.IN.wav
2017-07-13 21:18 - 2017-07-13 21:18 - 00668206 _____ C:\WINDOWS\system32\2017.07.13_21.18.36_095.RenEFX.43D10098.OUT.wav
2017-07-13 21:17 - 2017-07-13 21:17 - 04312388 _____ C:\WINDOWS\system32\2017.07.13_21.17.17_458.RenSFX.443482D8.OUT.wav
2017-07-13 21:17 - 2017-07-13 21:17 - 04312388 _____ C:\WINDOWS\system32\2017.07.13_21.17.17_458.RenSFX.443482D8.IN.wav
2017-07-13 21:17 - 2017-07-13 21:17 - 04312388 _____ C:\WINDOWS\system32\2017.07.13_21.17.17_360.RenMFX.44120098.OUT.wav
2017-07-13 21:17 - 2017-07-13 21:17 - 04312388 _____ C:\WINDOWS\system32\2017.07.13_21.17.17_360.RenMFX.44120098.IN.wav
2017-07-13 21:17 - 2017-07-13 21:17 - 04312388 _____ C:\WINDOWS\system32\2017.07.13_21.17.17_333.RenEFX.43D10098.IN.wav
2017-07-13 21:17 - 2017-07-13 21:17 - 04312366 _____ C:\WINDOWS\system32\2017.07.13_21.17.17_333.RenEFX.43D10098.OUT.wav
2017-07-13 21:10 - 2017-07-13 21:10 - 06466628 _____ C:\WINDOWS\system32\2017.07.13_21.10.11_482.RenSFX.57146EA8.OUT.wav
2017-07-13 21:10 - 2017-07-13 21:10 - 06466628 _____ C:\WINDOWS\system32\2017.07.13_21.10.11_482.RenSFX.57146EA8.IN.wav
2017-07-13 21:10 - 2017-07-13 21:10 - 06466628 _____ C:\WINDOWS\system32\2017.07.13_21.10.11_456.RenMFX.56BF25B8.OUT.wav
2017-07-13 21:10 - 2017-07-13 21:10 - 06466628 _____ C:\WINDOWS\system32\2017.07.13_21.10.11_456.RenMFX.56BF25B8.IN.wav
2017-07-13 21:10 - 2017-07-13 21:10 - 06466628 _____ C:\WINDOWS\system32\2017.07.13_21.10.11_416.RenEFX.56950098.IN.wav
2017-07-13 21:10 - 2017-07-13 21:10 - 06466606 _____ C:\WINDOWS\system32\2017.07.13_21.10.11_416.RenEFX.56950098.OUT.wav
2017-07-13 21:05 - 2017-07-13 21:06 - 02484548 _____ C:\WINDOWS\system32\2017.07.13_21.05.57_226.RenSFX.57081628.OUT.wav
2017-07-13 21:05 - 2017-07-13 21:06 - 02484548 _____ C:\WINDOWS\system32\2017.07.13_21.05.57_195.RenMFX.5754C758.OUT.wav
2017-07-13 21:05 - 2017-07-13 21:06 - 02484548 _____ C:\WINDOWS\system32\2017.07.13_21.05.57_195.RenMFX.5754C758.IN.wav
2017-07-13 21:05 - 2017-07-13 21:06 - 02484548 _____ C:\WINDOWS\system32\2017.07.13_21.05.57_172.RenEFX.56950098.IN.wav
2017-07-13 21:05 - 2017-07-13 21:06 - 02484526 _____ C:\WINDOWS\system32\2017.07.13_21.05.57_172.RenEFX.56950098.OUT.wav
2017-07-13 21:05 - 2017-07-13 21:06 - 01242308 _____ C:\WINDOWS\system32\2017.07.13_21.05.57_226.RenSFX.57081628.IN.wav
2017-07-13 21:05 - 2017-07-13 21:05 - 01943108 _____ C:\WINDOWS\system32\2017.07.13_21.05.18_124.RenSFX.570082D8.OUT.wav
2017-07-13 21:05 - 2017-07-13 21:05 - 01943108 _____ C:\WINDOWS\system32\2017.07.13_21.05.18_124.RenSFX.570082D8.IN.wav
2017-07-13 21:05 - 2017-07-13 21:05 - 01943108 _____ C:\WINDOWS\system32\2017.07.13_21.05.16_908.RenMFX.56DE0098.OUT.wav
2017-07-13 21:05 - 2017-07-13 21:05 - 01943108 _____ C:\WINDOWS\system32\2017.07.13_21.05.16_908.RenMFX.56DE0098.IN.wav
2017-07-13 21:05 - 2017-07-13 21:05 - 01943108 _____ C:\WINDOWS\system32\2017.07.13_21.05.16_593.RenEFX.56950098.IN.wav
2017-07-13 21:05 - 2017-07-13 21:05 - 01943086 _____ C:\WINDOWS\system32\2017.07.13_21.05.16_593.RenEFX.56950098.OUT.wav
2017-07-13 20:42 - 2017-07-13 20:42 - 02784068 _____ C:\WINDOWS\system32\2017.07.13_20.42.45_034.RenSFX.700D7A28.OUT.wav
2017-07-13 20:42 - 2017-07-13 20:42 - 02784068 _____ C:\WINDOWS\system32\2017.07.13_20.42.45_034.RenSFX.700D7A28.IN.wav
2017-07-13 20:42 - 2017-07-13 20:42 - 02784068 _____ C:\WINDOWS\system32\2017.07.13_20.42.44_969.RenMFX.6FEB0098.OUT.wav
2017-07-13 20:42 - 2017-07-13 20:42 - 02784068 _____ C:\WINDOWS\system32\2017.07.13_20.42.44_969.RenMFX.6FEB0098.IN.wav
2017-07-13 20:42 - 2017-07-13 20:42 - 02784068 _____ C:\WINDOWS\system32\2017.07.13_20.42.44_920.RenEFX.6FA20098.IN.wav
2017-07-13 20:42 - 2017-07-13 20:42 - 02784046 _____ C:\WINDOWS\system32\2017.07.13_20.42.44_920.RenEFX.6FA20098.OUT.wav
2017-07-13 19:23 - 2017-07-13 19:23 - 03490628 _____ C:\WINDOWS\system32\2017.07.13_19.23.03_212.RenSFX.552ED0D8.OUT.wav
2017-07-13 19:23 - 2017-07-13 19:23 - 03490628 _____ C:\WINDOWS\system32\2017.07.13_19.23.03_212.RenSFX.552ED0D8.IN.wav
2017-07-13 19:23 - 2017-07-13 19:23 - 03490628 _____ C:\WINDOWS\system32\2017.07.13_19.23.03_181.RenMFX.55DE71C8.OUT.wav
2017-07-13 19:23 - 2017-07-13 19:23 - 03490628 _____ C:\WINDOWS\system32\2017.07.13_19.23.03_181.RenMFX.55DE71C8.IN.wav
2017-07-13 19:23 - 2017-07-13 19:23 - 03490628 _____ C:\WINDOWS\system32\2017.07.13_19.23.03_154.RenEFX.551F0098.IN.wav
2017-07-13 19:23 - 2017-07-13 19:23 - 03490606 _____ C:\WINDOWS\system32\2017.07.13_19.23.03_154.RenEFX.551F0098.OUT.wav
2017-07-13 19:22 - 2017-07-13 19:22 - 00000068 _____ C:\WINDOWS\system32\2017.07.13_19.22.32_378.RenSFX.558A8028.OUT.wav
2017-07-13 19:22 - 2017-07-13 19:22 - 00000068 _____ C:\WINDOWS\system32\2017.07.13_19.22.32_378.RenSFX.558A8028.IN.wav
2017-07-13 19:22 - 2017-07-13 19:22 - 00000068 _____ C:\WINDOWS\system32\2017.07.13_19.22.32_336.RenMFX.55680098.OUT.wav
2017-07-13 19:22 - 2017-07-13 19:22 - 00000068 _____ C:\WINDOWS\system32\2017.07.13_19.22.32_336.RenMFX.55680098.IN.wav
2017-07-13 19:22 - 2017-07-13 19:22 - 00000068 _____ C:\WINDOWS\system32\2017.07.13_19.22.32_301.RenEFX.551F0098.IN.wav
2017-07-13 19:22 - 2017-07-13 19:22 - 00000046 _____ C:\WINDOWS\system32\2017.07.13_19.22.32_301.RenEFX.551F0098.OUT.wav
2017-07-14 06:56 - 2017-07-14 06:57 - 12518468 _____ C:\WINDOWS\system32\2017.07.14_06.56.56_813.RenSFX.A86182D8.OUT.wav
2017-07-14 06:56 - 2017-07-14 06:57 - 12518468 _____ C:\WINDOWS\system32\2017.07.14_06.56.56_813.RenSFX.A86182D8.IN.wav
2017-07-14 06:56 - 2017-07-14 06:57 - 12518468 _____ C:\WINDOWS\system32\2017.07.14_06.56.56_715.RenMFX.A83F0098.OUT.wav
2017-07-14 06:56 - 2017-07-14 06:57 - 12518468 _____ C:\WINDOWS\system32\2017.07.14_06.56.56_715.RenMFX.A83F0098.IN.wav
2017-07-14 06:56 - 2017-07-14 06:57 - 12518468 _____ C:\WINDOWS\system32\2017.07.14_06.56.56_690.RenEFX.A7F60098.IN.wav
2017-07-14 06:56 - 2017-07-14 06:57 - 12518446 _____ C:\WINDOWS\system32\2017.07.14_06.56.56_690.RenEFX.A7F60098.OUT.wav
2017-07-14 08:29 - 2017-07-14 08:30 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_08.29.22_709.RenSFX.BD2182D8.OUT.wav
2017-07-14 08:29 - 2017-07-14 08:30 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_08.29.22_709.RenSFX.BD2182D8.IN.wav
2017-07-14 08:29 - 2017-07-14 08:30 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_08.29.22_622.RenMFX.BCFF0098.OUT.wav
2017-07-14 08:29 - 2017-07-14 08:30 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_08.29.22_622.RenMFX.BCFF0098.IN.wav
2017-07-14 08:29 - 2017-07-14 08:30 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_08.29.22_598.RenEFX.BCB60098.IN.wav
2017-07-14 08:29 - 2017-07-14 08:30 - 00000046 _____ C:\WINDOWS\system32\2017.07.14_08.29.22_598.RenEFX.BCB60098.OUT.wav
2017-07-14 07:43 - 2017-07-14 08:11 - 661190468 _____ C:\WINDOWS\system32\2017.07.14_07.43.00_545.RenSFX.36CD82D8.OUT.wav
2017-07-14 07:43 - 2017-07-14 08:11 - 661190468 _____ C:\WINDOWS\system32\2017.07.14_07.43.00_545.RenSFX.36CD82D8.IN.wav
2017-07-14 07:43 - 2017-07-14 08:11 - 661190468 _____ C:\WINDOWS\system32\2017.07.14_07.43.00_472.RenMFX.36AB0098.OUT.wav
2017-07-14 07:43 - 2017-07-14 08:11 - 661190468 _____ C:\WINDOWS\system32\2017.07.14_07.43.00_472.RenMFX.36AB0098.IN.wav
2017-07-14 07:43 - 2017-07-14 08:11 - 661190468 _____ C:\WINDOWS\system32\2017.07.14_07.43.00_447.RenEFX.366A0098.IN.wav
2017-07-14 07:43 - 2017-07-14 08:11 - 661190446 _____ C:\WINDOWS\system32\2017.07.14_07.43.00_447.RenEFX.366A0098.OUT.wav
2017-07-14 07:09 - 2017-07-14 07:09 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.09.09_336.RenSFX.D7A87998.OUT.wav
2017-07-14 07:09 - 2017-07-14 07:09 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.09.09_336.RenSFX.D7A87998.IN.wav
2017-07-14 07:06 - 2017-07-14 07:11 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.06.55_776.RenSFX.D7538028.OUT.wav
2017-07-14 07:06 - 2017-07-14 07:11 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.06.55_776.RenSFX.D7538028.IN.wav
2017-07-14 07:06 - 2017-07-14 07:11 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.06.55_716.RenMFX.D7310098.OUT.wav
2017-07-14 07:06 - 2017-07-14 07:11 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.06.55_716.RenMFX.D7310098.IN.wav
2017-07-14 07:06 - 2017-07-14 07:11 - 00000068 _____ C:\WINDOWS\system32\2017.07.14_07.06.55_680.RenEFX.D6F00098.IN.wav
2017-07-14 07:06 - 2017-07-14 07:11 - 00000046 _____ C:\WINDOWS\system32\2017.07.14_07.06.55_680.RenEFX.D6F00098.OUT.wav
2017-07-14 06:59 - 2017-07-14 06:59 - 00910148 _____ C:\WINDOWS\system32\2017.07.14_06.59.36_698.RenSFX.A8AC8E58.OUT.wav
2017-07-14 06:59 - 2017-07-14 06:59 - 00910148 _____ C:\WINDOWS\system32\2017.07.14_06.59.36_698.RenSFX.A8AC8E58.IN.wav

End
  • Go to FileSave As and save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
10

Log attached.

11

Ran Microsoft Safety Scanner—

http://s6.postimg.org/vbfoky98x/screenshot_403.jpg

12

Tried Trend Micro HouseCall—

http://s6.postimg.org/rgcaidq35/screenshot_403.jpg

13

Can you attach this file to your post?

C:\FRST\Quarantine\C\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs
14

I added the vbs file myself years ago.
I don’t think it is part of the problem.
Find it attached.
I had to rename it to Welcome.txt in order to attach it.

15

Ran Microsoft MSRT—

http://s6.postimg.org/4dqcwydzl/screenshot_403.jpg

16

Your system seems to be malware free according to Welcome.vbs content and FRST logs. Do you recall what you installed or setted up on 13.7.2017 at 19:00?

17

No. :frowning:

If that date is the start of the problem, I have a system image dated July 6 I could revert to.
Picture—

http://s6.postimg.org/ah7xgv49d/screenshot_404.jpg

18

Can you upload one of those WAV files? There should be ones with moderate size.

19

How would I upload it ?
The only options are jpg, png, txt, log, gif.

I’ll try renaming one to .txt instead of .wav.

It seems to be attached.
Rename it with .wav instead of .txt.

20

https://www.virustotal.com/en/file/d553fe9e971c7387d54c44dd3e123d0ba58ab263ba7ba027fd5f6bed4d879ce2/analysis/1500187458/

FYI - file uploaded to VirusTotal as wav file.