Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser redirection virus? [Closed]

Browser redirect

  • This topic is locked This topic is locked

#1
Barefeetpete

Barefeetpete

    New Member

  • Member
  • Pip
  • 3 posts

Hi - my browsers (chrome and IE7) constantly redirect me to static.facebooketcetc. or s.7addthis.com statictwitter etc etc. 

 

I have tried the following.

Disk clean up

Malwarebytes

ADW cleaner

TDSSkiller 

 

I have tried going into msconfig in safe mode, resetting browser settings and all my LAN settings and probably more that I've forgotten. I am not brilliantly computer literate and I thank anyone in advance who may be able to help. This thing is truly twisting my melon and wasting my days!!

 

So here goes....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Pete (administrator) on PETE-PC on 30-05-2015 07:32:56
Running from C:\Users\Pete\Desktop
Loaded Profiles: Pete (Available Profiles: Pete)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {3be5afd1-1b3e-11e1-919c-00030dd52f6a} - F:\Windows\Install.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {407c0e21-39f4-11e1-9375-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {504fe4f4-09a0-11e1-a87c-00030dd52f6a} - E:\Setup.exe /Auto
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {5906f55f-9b6a-11e3-889b-00030dd52f6a} - F:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {5fcf842a-3b37-11e1-8fe0-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {60b264ee-e270-11e1-8653-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {63ffb6c7-e1af-11e0-b6ed-00030dd52f6a} - F:\Windows\Install.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578a9a-d91a-11e1-95e1-ac21c2a00374} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578a9d-d91a-11e1-95e1-ac21c2a00374} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578ab3-d91a-11e1-95e1-ac21c2a00374} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578bb4-d91a-11e1-95e1-ac21c2a00374} - F:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578cc7-d91a-11e1-95e1-ac21c2a00374} - E:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {7ab87936-369d-11e1-8f51-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {7ab8793b-369d-11e1-8f51-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {8d9d12fd-d521-11e1-8513-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {8d9d1302-d521-11e1-8513-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {9559c2af-6640-11df-981c-806e6f6e6963} - E:\LaunchU3.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {9d6a26b3-d524-11e1-8666-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {ca3bd04a-35e1-11e1-90f1-00030dd52f6a} - E:\Windows\Install.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-28] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2765806483-2848671187-2391883295-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2765806483-2848671187-2391883295-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
SearchScopes: HKU\S-1-5-21-2765806483-2848671187-2391883295-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-22] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll [2011-03-04] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-2765806483-2848671187-2391883295-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll [2012-09-25] (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (Adguard AdBlocker) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Block site) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-05-24]
CHR Extension: (Bookmark Manager) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-28]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
S4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-28] (Avast Software)
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-31] (Google)
S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S4 lxdfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [99248 2007-05-30] (Lexmark International, Inc.)
S4 lxdf_device; C:\Windows\system32\lxdfcoms.exe [598960 2007-05-30] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\fxxandroidusb.sys [25728 2011-03-22] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-28] ()
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [103552 2009-04-27] (QUALCOMM Incorporated)
R2 LiveGpdKBFilter; C:\Windows\system32\Drivers\LiveGpdKBFilter.sys [4096 2009-05-06] (Windows ® Win 7 DDK provider)
R2 LiveIO; C:\Windows\system32\Drivers\LiveIO.sys [15312 2009-05-11] ()
R3 Livekbc; C:\Windows\system32\Drivers\Livekbc.sys [4096 2009-05-06] (Systems Internals) [File not signed]
R3 Livemouclass; C:\Windows\system32\Drivers\Livemouclass.sys [3968 2009-05-06] (Systems Internals) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\FXX\qcusbser.sys [103424 2011-03-22] (QUALCOMM Incorporated)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372224 2009-07-01] (Realtek Semiconductor Corporation                           )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2014-02-07] (The OpenVPN Project)
S3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [38400 2009-11-05] ()
S3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [16128 2008-05-29] (Via Telecom, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-28] (Avast Software)
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 UsbModemDriver; system32\DRIVERS\USB_MODEM_T.sys [X]
S3 USB_WinMux_T; system32\DRIVERS\USB_WinMux_T.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 07:32 - 2015-05-30 07:33 - 00014725 _____ () C:\Users\Pete\Desktop\FRST.txt
2015-05-30 07:32 - 2015-05-30 07:33 - 00000000 ____D () C:\FRST
2015-05-30 07:28 - 2015-05-30 07:28 - 01147392 _____ (Farbar) C:\Users\Pete\Desktop\FRST.exe
2015-05-29 14:00 - 2015-05-29 14:00 - 00000000 ____D () C:\Windows\pss
2015-05-29 04:46 - 2015-05-29 04:46 - 00000726 _____ () C:\Users\Pete\AppData\Local\recently-used.xbel
2015-05-25 06:52 - 2015-05-30 07:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 06:51 - 2015-05-25 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 06:51 - 2015-05-25 06:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-25 06:51 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-25 06:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-25 06:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 15:02 - 2015-05-26 04:00 - 00000000 ____D () C:\Users\Pete\Desktop\mum
2015-05-24 10:27 - 2015-05-24 10:27 - 00096240 _____ () C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-24 10:18 - 2015-05-25 18:12 - 00000000 ____D () C:\AdwCleaner
2015-05-22 10:06 - 2015-05-26 04:21 - 00002096 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 10:06 - 2015-05-22 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 10:01 - 2015-05-30 07:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 10:01 - 2015-05-30 04:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 07:57 - 2015-04-28 15:02 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-22 07:14 - 2015-05-22 07:15 - 00000000 ____D () C:\sh4ldr
2015-05-22 05:54 - 2015-05-22 07:02 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-14 03:38 - 2015-05-01 20:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:30 - 2015-04-22 08:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 04:30 - 2015-04-21 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 04:30 - 2015-04-21 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 04:30 - 2015-04-21 23:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 04:30 - 2015-04-21 23:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 04:30 - 2015-04-21 23:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 04:30 - 2015-04-21 23:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 04:30 - 2015-04-21 23:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 04:30 - 2015-04-21 23:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 04:30 - 2015-04-21 23:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 04:30 - 2015-04-21 23:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 04:30 - 2015-04-21 23:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 04:30 - 2015-04-21 22:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 04:30 - 2015-04-21 22:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 04:30 - 2015-04-21 22:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 04:30 - 2015-04-21 22:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 04:30 - 2015-04-21 22:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 04:30 - 2015-04-21 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 04:30 - 2015-04-21 22:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 04:30 - 2015-04-21 22:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 04:30 - 2015-04-21 22:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 04:30 - 2015-04-21 22:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 04:30 - 2015-04-21 22:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 04:30 - 2015-04-21 22:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 04:30 - 2015-04-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 04:30 - 2015-04-21 22:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 04:30 - 2015-04-21 22:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 04:30 - 2015-04-21 21:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 04:30 - 2015-04-21 21:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 04:29 - 2015-04-21 23:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 04:29 - 2015-04-21 22:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 04:29 - 2015-04-21 22:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 04:27 - 2015-01-29 10:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 04:17 - 2015-04-28 02:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-13 04:17 - 2015-04-28 02:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 04:17 - 2015-04-28 02:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 04:17 - 2015-04-28 02:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 04:17 - 2015-04-28 02:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 04:17 - 2015-04-28 02:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 04:17 - 2015-04-28 02:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 04:17 - 2015-04-28 02:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 04:17 - 2015-04-28 02:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 04:17 - 2015-04-28 01:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 04:17 - 2015-04-28 01:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 04:17 - 2015-04-28 01:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 04:16 - 2015-05-05 08:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 04:16 - 2015-04-20 09:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 04:16 - 2015-04-20 09:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 04:16 - 2015-04-20 09:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 04:16 - 2015-04-18 09:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 04:16 - 2015-04-13 10:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 04:11 - 2015-03-04 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 04:11 - 2015-03-04 11:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 04:11 - 2015-03-04 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 04:11 - 2015-03-04 11:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 04:10 - 2015-04-08 10:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 04:10 - 2015-04-08 10:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 04:09 - 2015-02-18 14:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 07:31 - 2009-07-14 11:34 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 07:31 - 2009-07-14 11:34 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 07:14 - 2013-02-02 15:56 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Dropbox
2015-05-30 06:36 - 2013-09-08 14:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 06:29 - 2009-11-07 00:03 - 01603427 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 04:30 - 2012-03-03 12:05 - 00111483 _____ () C:\Windows\setupact.log
2015-05-30 04:30 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 13:31 - 2013-07-23 04:15 - 00000000 ____D () C:\Users\Pete\Desktop\The Mango_files
2015-05-29 05:28 - 2015-03-28 11:51 - 00000000 ____D () C:\Users\Pete\Desktop\BBQ
2015-05-28 16:09 - 2014-09-20 06:13 - 00000000 ____D () C:\Users\Pete\Desktop\surfimage
2015-05-28 13:22 - 2009-09-03 21:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-25 18:13 - 2009-09-03 22:24 - 01402204 _____ () C:\Windows\PFRO.log
2015-05-25 09:54 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-25 07:39 - 2013-06-28 14:04 - 00000000 ____D () C:\ProgramData\saffee Savoe
2015-05-25 06:51 - 2012-06-24 07:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 03:00 - 2015-04-05 03:34 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-22 11:22 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\registration
2015-05-22 10:06 - 2009-09-03 20:45 - 00000000 ____D () C:\Program Files\Google
2015-05-22 10:01 - 2010-08-24 15:20 - 00000000 ____D () C:\Users\Pete\AppData\Local\Deployment
2015-05-22 09:10 - 2009-08-03 15:18 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 09:03 - 2009-11-07 00:03 - 00000000 ____D () C:\Users\Pete
2015-05-22 07:58 - 2015-04-28 15:05 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-22 07:48 - 2013-08-30 10:13 - 00000000 ____D () C:\Program Files\Smartfren Connex Modem
2015-05-22 07:48 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-05-14 06:38 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\rescache
2015-05-14 04:03 - 2009-07-14 11:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-14 04:03 - 2009-07-14 11:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(15).TXT
2015-05-14 04:03 - 2009-07-14 11:33 - 00380448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 04:02 - 2009-09-03 20:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 03:59 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 03:18 - 2009-09-02 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 03:17 - 2010-06-04 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2009-11-10 23:48 - 2013-03-02 14:24 - 0000318 _____ () C:\Users\Pete\AppData\Roaming\wklnhst.dat
2011-02-15 21:38 - 2013-01-12 12:20 - 0012288 _____ () C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-13 05:51 - 2012-06-12 08:25 - 0004096 ____H () C:\Users\Pete\AppData\Local\keyfile3.drm
2015-05-29 04:46 - 2015-05-29 04:46 - 0000726 _____ () C:\Users\Pete\AppData\Local\recently-used.xbel
2011-06-22 09:39 - 2011-06-22 09:40 - 0000000 _____ () C:\Users\Pete\AppData\Local\{03424EE6-5466-4D0D-8E77-BD9E9BE975EE}
2011-05-06 08:40 - 2011-05-06 08:40 - 0000000 _____ () C:\Users\Pete\AppData\Local\{0EF99317-952D-4D7E-82AF-F051770EB932}
2011-06-26 07:25 - 2011-06-26 07:25 - 0000000 _____ () C:\Users\Pete\AppData\Local\{3FB9C12C-3322-4022-B4E1-A7CE9140B7B3}
2009-11-09 21:56 - 2009-11-11 19:17 - 0000102 _____ () C:\ProgramData\lxdf
2012-01-24 09:35 - 2012-01-24 09:35 - 0005104 _____ () C:\ProgramData\qjaxlkio.dss
2010-11-19 19:24 - 2010-11-19 19:24 - 0913749 _____ () C:\ProgramData\SPL10DB.tmp
2010-12-09 21:47 - 2010-12-09 21:47 - 2735491 _____ () C:\ProgramData\SPL19BD.tmp
2009-11-11 17:16 - 2009-11-11 17:16 - 2777460 _____ () C:\ProgramData\SPL254.tmp
2010-07-09 16:10 - 2010-07-09 16:10 - 0519768 _____ () C:\ProgramData\SPL2AB8.tmp
2009-11-11 18:51 - 2009-11-11 18:51 - 0286513 _____ () C:\ProgramData\SPL30D4.tmp
2009-11-11 17:25 - 2009-11-11 17:25 - 2777460 _____ () C:\ProgramData\SPL365F.tmp
2009-11-11 19:13 - 2009-11-11 19:13 - 0286513 _____ () C:\ProgramData\SPL40A9.tmp
2010-05-18 20:16 - 2010-05-18 20:16 - 0694702 _____ () C:\ProgramData\SPL48A1.tmp
2009-11-11 17:38 - 2009-11-11 17:38 - 0291857 _____ () C:\ProgramData\SPL6170.tmp
2009-11-11 16:46 - 2009-11-11 16:46 - 0052084 _____ () C:\ProgramData\SPL7B78.tmp
2010-12-17 20:12 - 2010-12-17 20:12 - 0302600 _____ () C:\ProgramData\SPL8258.tmp
2010-07-09 16:28 - 2010-07-09 16:28 - 0519768 _____ () C:\ProgramData\SPL8361.tmp
2010-10-04 18:03 - 2010-10-04 18:03 - 0073624 _____ () C:\ProgramData\SPL8A1B.tmp
2010-08-19 15:31 - 2010-08-19 15:31 - 6100324 _____ () C:\ProgramData\SPL8C7C.tmp
2010-05-18 19:50 - 2010-05-18 19:50 - 0524116 _____ () C:\ProgramData\SPL90C1.tmp
2009-11-18 20:34 - 2009-11-18 20:34 - 15228454 _____ () C:\ProgramData\SPL91B3.tmp
2010-07-21 15:08 - 2010-07-21 15:08 - 4196013 _____ () C:\ProgramData\SPL95AA.tmp
2010-12-17 19:43 - 2010-12-17 19:43 - 0302600 _____ () C:\ProgramData\SPL9702.tmp
2010-09-03 16:55 - 2010-09-03 16:55 - 0387377 _____ () C:\ProgramData\SPL9929.tmp
2010-02-23 21:58 - 2010-02-23 21:58 - 4020308 _____ () C:\ProgramData\SPL9AC0.tmp
2009-11-11 17:31 - 2009-11-11 17:31 - 2777460 _____ () C:\ProgramData\SPLAD7D.tmp
2009-11-11 17:29 - 2009-11-11 17:29 - 2777460 _____ () C:\ProgramData\SPLB201.tmp
2010-09-03 16:59 - 2010-09-03 16:59 - 0387377 _____ () C:\ProgramData\SPLB224.tmp
2010-12-09 21:46 - 2010-12-09 21:46 - 2735491 _____ () C:\ProgramData\SPLB294.tmp
2011-01-26 16:35 - 2011-01-26 16:35 - 0332061 _____ () C:\ProgramData\SPLC488.tmp
2010-05-18 20:25 - 2010-05-18 20:25 - 0372952 _____ () C:\ProgramData\SPLD961.tmp
2009-11-18 20:25 - 2009-11-18 20:25 - 15228454 _____ () C:\ProgramData\SPLDD.tmp
2010-10-04 18:01 - 2010-10-04 18:01 - 0777300 _____ () C:\ProgramData\SPLDF10.tmp
2010-05-18 19:39 - 2010-05-18 19:39 - 0291992 _____ () C:\ProgramData\SPLE875.tmp
2010-05-06 16:47 - 2010-05-06 16:47 - 16489132 _____ () C:\ProgramData\SPLF7B2.tmp
 
Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss
 
 
Some files in TEMP:
====================
C:\Users\Pete\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnullze.dll
C:\Users\Pete\AppData\Local\Temp\Quarantine.exe
C:\Users\Pete\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pete\AppData\Local\Temp\sqlite3.dll
C:\Users\Pete\AppData\Local\Temp\{AEBD749C-1A6C-4644-8AF2-E2CD5D2D49F3}-37.0.2062.120_chrome_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 00:07
 
==================== End of log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Pete (administrator) on PETE-PC on 30-05-2015 07:32:56
Running from C:\Users\Pete\Desktop
Loaded Profiles: Pete (Available Profiles: Pete)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {3be5afd1-1b3e-11e1-919c-00030dd52f6a} - F:\Windows\Install.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {407c0e21-39f4-11e1-9375-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {504fe4f4-09a0-11e1-a87c-00030dd52f6a} - E:\Setup.exe /Auto
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {5906f55f-9b6a-11e3-889b-00030dd52f6a} - F:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {5fcf842a-3b37-11e1-8fe0-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {60b264ee-e270-11e1-8653-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {63ffb6c7-e1af-11e0-b6ed-00030dd52f6a} - F:\Windows\Install.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578a9a-d91a-11e1-95e1-ac21c2a00374} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578a9d-d91a-11e1-95e1-ac21c2a00374} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578ab3-d91a-11e1-95e1-ac21c2a00374} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578bb4-d91a-11e1-95e1-ac21c2a00374} - F:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {6d578cc7-d91a-11e1-95e1-ac21c2a00374} - E:\Setup.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {7ab87936-369d-11e1-8f51-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {7ab8793b-369d-11e1-8f51-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {8d9d12fd-d521-11e1-8513-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {8d9d1302-d521-11e1-8513-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {9559c2af-6640-11df-981c-806e6f6e6963} - E:\LaunchU3.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {9d6a26b3-d524-11e1-8666-00030dd52f6a} - E:\AutoRun.exe
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\...\MountPoints2: {ca3bd04a-35e1-11e1-90f1-00030dd52f6a} - E:\Windows\Install.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-28] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-2765806483-2848671187-2391883295-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2765806483-2848671187-2391883295-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2765806483-2848671187-2391883295-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
SearchScopes: HKU\S-1-5-21-2765806483-2848671187-2391883295-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-22] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-28] (Avast Software s.r.o.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll [2011-03-04] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-2765806483-2848671187-2391883295-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll [2012-09-25] (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (Adguard AdBlocker) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Block site) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-05-24]
CHR Extension: (Bookmark Manager) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-28]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
S4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-28] (Avast Software)
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-31] (Google)
S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S4 lxdfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [99248 2007-05-30] (Lexmark International, Inc.)
S4 lxdf_device; C:\Windows\system32\lxdfcoms.exe [598960 2007-05-30] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\fxxandroidusb.sys [25728 2011-03-22] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-28] ()
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [103552 2009-04-27] (QUALCOMM Incorporated)
R2 LiveGpdKBFilter; C:\Windows\system32\Drivers\LiveGpdKBFilter.sys [4096 2009-05-06] (Windows ® Win 7 DDK provider)
R2 LiveIO; C:\Windows\system32\Drivers\LiveIO.sys [15312 2009-05-11] ()
R3 Livekbc; C:\Windows\system32\Drivers\Livekbc.sys [4096 2009-05-06] (Systems Internals) [File not signed]
R3 Livemouclass; C:\Windows\system32\Drivers\Livemouclass.sys [3968 2009-05-06] (Systems Internals) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\FXX\qcusbser.sys [103424 2011-03-22] (QUALCOMM Incorporated)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372224 2009-07-01] (Realtek Semiconductor Corporation                           )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2014-02-07] (The OpenVPN Project)
S3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [38400 2009-11-05] ()
S3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [16128 2008-05-29] (Via Telecom, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-28] (Avast Software)
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 UsbModemDriver; system32\DRIVERS\USB_MODEM_T.sys [X]
S3 USB_WinMux_T; system32\DRIVERS\USB_WinMux_T.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 07:32 - 2015-05-30 07:33 - 00014725 _____ () C:\Users\Pete\Desktop\FRST.txt
2015-05-30 07:32 - 2015-05-30 07:33 - 00000000 ____D () C:\FRST
2015-05-30 07:28 - 2015-05-30 07:28 - 01147392 _____ (Farbar) C:\Users\Pete\Desktop\FRST.exe
2015-05-29 14:00 - 2015-05-29 14:00 - 00000000 ____D () C:\Windows\pss
2015-05-29 04:46 - 2015-05-29 04:46 - 00000726 _____ () C:\Users\Pete\AppData\Local\recently-used.xbel
2015-05-25 06:52 - 2015-05-30 07:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 06:51 - 2015-05-25 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 06:51 - 2015-05-25 06:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-25 06:51 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-25 06:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-25 06:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 15:02 - 2015-05-26 04:00 - 00000000 ____D () C:\Users\Pete\Desktop\mum
2015-05-24 10:27 - 2015-05-24 10:27 - 00096240 _____ () C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-24 10:18 - 2015-05-25 18:12 - 00000000 ____D () C:\AdwCleaner
2015-05-22 10:06 - 2015-05-26 04:21 - 00002096 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 10:06 - 2015-05-22 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 10:01 - 2015-05-30 07:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 10:01 - 2015-05-30 04:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 07:57 - 2015-04-28 15:02 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-22 07:14 - 2015-05-22 07:15 - 00000000 ____D () C:\sh4ldr
2015-05-22 05:54 - 2015-05-22 07:02 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-14 03:38 - 2015-05-01 20:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:30 - 2015-04-22 08:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 04:30 - 2015-04-21 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 04:30 - 2015-04-21 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 04:30 - 2015-04-21 23:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 04:30 - 2015-04-21 23:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 04:30 - 2015-04-21 23:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 04:30 - 2015-04-21 23:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 04:30 - 2015-04-21 23:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 04:30 - 2015-04-21 23:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 04:30 - 2015-04-21 23:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 04:30 - 2015-04-21 23:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 04:30 - 2015-04-21 23:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 04:30 - 2015-04-21 22:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 04:30 - 2015-04-21 22:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 04:30 - 2015-04-21 22:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 04:30 - 2015-04-21 22:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 04:30 - 2015-04-21 22:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 04:30 - 2015-04-21 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 04:30 - 2015-04-21 22:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 04:30 - 2015-04-21 22:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 04:30 - 2015-04-21 22:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 04:30 - 2015-04-21 22:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 04:30 - 2015-04-21 22:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 04:30 - 2015-04-21 22:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 04:30 - 2015-04-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 04:30 - 2015-04-21 22:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 04:30 - 2015-04-21 22:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 04:30 - 2015-04-21 21:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 04:30 - 2015-04-21 21:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 04:29 - 2015-04-21 23:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 04:29 - 2015-04-21 22:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 04:29 - 2015-04-21 22:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 04:27 - 2015-01-29 10:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 04:17 - 2015-04-28 02:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-13 04:17 - 2015-04-28 02:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 04:17 - 2015-04-28 02:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 04:17 - 2015-04-28 02:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 04:17 - 2015-04-28 02:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 04:17 - 2015-04-28 02:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 04:17 - 2015-04-28 02:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 04:17 - 2015-04-28 02:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 04:17 - 2015-04-28 02:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 04:17 - 2015-04-28 02:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 04:17 - 2015-04-28 02:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 04:17 - 2015-04-28 02:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 04:17 - 2015-04-28 01:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 04:17 - 2015-04-28 01:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 04:17 - 2015-04-28 01:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 04:16 - 2015-05-05 08:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 04:16 - 2015-04-20 09:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 04:16 - 2015-04-20 09:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 04:16 - 2015-04-20 09:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 04:16 - 2015-04-18 09:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 04:16 - 2015-04-13 10:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 04:11 - 2015-03-04 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 04:11 - 2015-03-04 11:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 04:11 - 2015-03-04 11:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 04:11 - 2015-03-04 11:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 04:10 - 2015-04-08 10:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 04:10 - 2015-04-08 10:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 04:09 - 2015-02-18 14:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 07:31 - 2009-07-14 11:34 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 07:31 - 2009-07-14 11:34 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 07:14 - 2013-02-02 15:56 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Dropbox
2015-05-30 06:36 - 2013-09-08 14:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 06:29 - 2009-11-07 00:03 - 01603427 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 04:30 - 2012-03-03 12:05 - 00111483 _____ () C:\Windows\setupact.log
2015-05-30 04:30 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 13:31 - 2013-07-23 04:15 - 00000000 ____D () C:\Users\Pete\Desktop\The Mango_files
2015-05-29 05:28 - 2015-03-28 11:51 - 00000000 ____D () C:\Users\Pete\Desktop\BBQ
2015-05-28 16:09 - 2014-09-20 06:13 - 00000000 ____D () C:\Users\Pete\Desktop\surfimage
2015-05-28 13:22 - 2009-09-03 21:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-25 18:13 - 2009-09-03 22:24 - 01402204 _____ () C:\Windows\PFRO.log
2015-05-25 09:54 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-25 07:39 - 2013-06-28 14:04 - 00000000 ____D () C:\ProgramData\saffee Savoe
2015-05-25 06:51 - 2012-06-24 07:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 03:00 - 2015-04-05 03:34 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-22 11:22 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\registration
2015-05-22 10:06 - 2009-09-03 20:45 - 00000000 ____D () C:\Program Files\Google
2015-05-22 10:01 - 2010-08-24 15:20 - 00000000 ____D () C:\Users\Pete\AppData\Local\Deployment
2015-05-22 09:10 - 2009-08-03 15:18 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 09:03 - 2009-11-07 00:03 - 00000000 ____D () C:\Users\Pete
2015-05-22 07:58 - 2015-04-28 15:05 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-22 07:48 - 2013-08-30 10:13 - 00000000 ____D () C:\Program Files\Smartfren Connex Modem
2015-05-22 07:48 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-05-14 06:38 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\rescache
2015-05-14 04:03 - 2009-07-14 11:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-14 04:03 - 2009-07-14 11:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(15).TXT
2015-05-14 04:03 - 2009-07-14 11:33 - 00380448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 04:02 - 2009-09-03 20:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 03:59 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 03:18 - 2009-09-02 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 03:17 - 2010-06-04 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2009-11-10 23:48 - 2013-03-02 14:24 - 0000318 _____ () C:\Users\Pete\AppData\Roaming\wklnhst.dat
2011-02-15 21:38 - 2013-01-12 12:20 - 0012288 _____ () C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-13 05:51 - 2012-06-12 08:25 - 0004096 ____H () C:\Users\Pete\AppData\Local\keyfile3.drm
2015-05-29 04:46 - 2015-05-29 04:46 - 0000726 _____ () C:\Users\Pete\AppData\Local\recently-used.xbel
2011-06-22 09:39 - 2011-06-22 09:40 - 0000000 _____ () C:\Users\Pete\AppData\Local\{03424EE6-5466-4D0D-8E77-BD9E9BE975EE}
2011-05-06 08:40 - 2011-05-06 08:40 - 0000000 _____ () C:\Users\Pete\AppData\Local\{0EF99317-952D-4D7E-82AF-F051770EB932}
2011-06-26 07:25 - 2011-06-26 07:25 - 0000000 _____ () C:\Users\Pete\AppData\Local\{3FB9C12C-3322-4022-B4E1-A7CE9140B7B3}
2009-11-09 21:56 - 2009-11-11 19:17 - 0000102 _____ () C:\ProgramData\lxdf
2012-01-24 09:35 - 2012-01-24 09:35 - 0005104 _____ () C:\ProgramData\qjaxlkio.dss
2010-11-19 19:24 - 2010-11-19 19:24 - 0913749 _____ () C:\ProgramData\SPL10DB.tmp
2010-12-09 21:47 - 2010-12-09 21:47 - 2735491 _____ () C:\ProgramData\SPL19BD.tmp
2009-11-11 17:16 - 2009-11-11 17:16 - 2777460 _____ () C:\ProgramData\SPL254.tmp
2010-07-09 16:10 - 2010-07-09 16:10 - 0519768 _____ () C:\ProgramData\SPL2AB8.tmp
2009-11-11 18:51 - 2009-11-11 18:51 - 0286513 _____ () C:\ProgramData\SPL30D4.tmp
2009-11-11 17:25 - 2009-11-11 17:25 - 2777460 _____ () C:\ProgramData\SPL365F.tmp
2009-11-11 19:13 - 2009-11-11 19:13 - 0286513 _____ () C:\ProgramData\SPL40A9.tmp
2010-05-18 20:16 - 2010-05-18 20:16 - 0694702 _____ () C:\ProgramData\SPL48A1.tmp
2009-11-11 17:38 - 2009-11-11 17:38 - 0291857 _____ () C:\ProgramData\SPL6170.tmp
2009-11-11 16:46 - 2009-11-11 16:46 - 0052084 _____ () C:\ProgramData\SPL7B78.tmp
2010-12-17 20:12 - 2010-12-17 20:12 - 0302600 _____ () C:\ProgramData\SPL8258.tmp
2010-07-09 16:28 - 2010-07-09 16:28 - 0519768 _____ () C:\ProgramData\SPL8361.tmp
2010-10-04 18:03 - 2010-10-04 18:03 - 0073624 _____ () C:\ProgramData\SPL8A1B.tmp
2010-08-19 15:31 - 2010-08-19 15:31 - 6100324 _____ () C:\ProgramData\SPL8C7C.tmp
2010-05-18 19:50 - 2010-05-18 19:50 - 0524116 _____ () C:\ProgramData\SPL90C1.tmp
2009-11-18 20:34 - 2009-11-18 20:34 - 15228454 _____ () C:\ProgramData\SPL91B3.tmp
2010-07-21 15:08 - 2010-07-21 15:08 - 4196013 _____ () C:\ProgramData\SPL95AA.tmp
2010-12-17 19:43 - 2010-12-17 19:43 - 0302600 _____ () C:\ProgramData\SPL9702.tmp
2010-09-03 16:55 - 2010-09-03 16:55 - 0387377 _____ () C:\ProgramData\SPL9929.tmp
2010-02-23 21:58 - 2010-02-23 21:58 - 4020308 _____ () C:\ProgramData\SPL9AC0.tmp
2009-11-11 17:31 - 2009-11-11 17:31 - 2777460 _____ () C:\ProgramData\SPLAD7D.tmp
2009-11-11 17:29 - 2009-11-11 17:29 - 2777460 _____ () C:\ProgramData\SPLB201.tmp
2010-09-03 16:59 - 2010-09-03 16:59 - 0387377 _____ () C:\ProgramData\SPLB224.tmp
2010-12-09 21:46 - 2010-12-09 21:46 - 2735491 _____ () C:\ProgramData\SPLB294.tmp
2011-01-26 16:35 - 2011-01-26 16:35 - 0332061 _____ () C:\ProgramData\SPLC488.tmp
2010-05-18 20:25 - 2010-05-18 20:25 - 0372952 _____ () C:\ProgramData\SPLD961.tmp
2009-11-18 20:25 - 2009-11-18 20:25 - 15228454 _____ () C:\ProgramData\SPLDD.tmp
2010-10-04 18:01 - 2010-10-04 18:01 - 0777300 _____ () C:\ProgramData\SPLDF10.tmp
2010-05-18 19:39 - 2010-05-18 19:39 - 0291992 _____ () C:\ProgramData\SPLE875.tmp
2010-05-06 16:47 - 2010-05-06 16:47 - 16489132 _____ () C:\ProgramData\SPLF7B2.tmp
 
Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss
 
 
Some files in TEMP:
====================
C:\Users\Pete\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnullze.dll
C:\Users\Pete\AppData\Local\Temp\Quarantine.exe
C:\Users\Pete\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pete\AppData\Local\Temp\sqlite3.dll
C:\Users\Pete\AppData\Local\Temp\{AEBD749C-1A6C-4644-8AF2-E2CD5D2D49F3}-37.0.2062.120_chrome_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 00:07
 
==================== End of log ============================

 

Many thanks,

 

Pete.

 


  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Are you still needing any help?
 
Hi Barefeetpete,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....


We need to get a fresh scan from FRST.
  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Browser redirect

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP