Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015 Ran by Miriam Moody at 2015-01-21 16:00:57 Run:2 Running from C:\Documents and Settings\Miriam Moody\Desktop Loaded Profiles: Miriam Moody (Available profiles: Miriam Moody & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2587936551-156640315-1538417202-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggfc_15_02_ie&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzztD0EtB0C0FzzyDtCtDtBtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0C0FyCtDtB0F0CtG0F0CzzzztGyCzytD0AtG0ByBzz0AtGyDyC0FyC0FtCtAtByDzyzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyC0DtB0E0EtAtGtD0E0EyDtGyE0A0DtDtG0AyEtC0DtG0D0EtB0Azy0EzztAtAtC0EtC2Q&cr=1296023313&ir=" S3 catchme; \??\C:\DOCUME~1\MIRIAM~1\LOCALS~1\Temp\catchme.sys [X] U3 TlntSvr; No ImagePath 2015-01-08 17:08 - 2015-01-08 17:08 - 00000000 ____D () C:\Documents and Settings\Miriam Moody\Application Data\1H1Q1V1N1N1O1R AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C0789917 AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F4E28098 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" CMD: ipconfig /flushdns hosts: Emptytemp: end ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2587936551-156640315-1538417202-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. Chrome StartupUrls deleted successfully. catchme => Service deleted successfully. TlntSvr => Service deleted successfully. C:\Documents and Settings\Miriam Moody\Application Data\1H1Q1V1N1N1O1R => Moved successfully. C:\Documents and Settings\All Users\Application Data\TEMP => ":C0789917" ADS removed successfully. C:\Documents and Settings\All Users\Application Data\TEMP => ":F4E28098" ADS removed successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MSIServer" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 3.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 16:03:02 ====