
My Microsoft Security Essentials has picked up a virus "BrowserModifier:Win32/SupTab" in a scan. It has isolated it but is unable to remove it. I downloaded Malwarebytes onto a USB to try to run it to remove this but I suspect the virus is preventing the program from running.

 

Any help would be appreciated. Thanks.


We will have to work outside Windows to try to fix your problem:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

  • Plug the flash drive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).

    Access the notepad and identify your USB drive

    In the Command Prompt please type in:

    notepad

    and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.

    Scan with Farbar Recovery Scan Tool

    Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.

    You need to replace e with the letter of your USB drive taken from notepad!

  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

    Transfer it to your clean machine and include it in your next reply.


File attached (Sorry, could not attach it)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015

Ran by SYSTEM on MININT-O9HFR6L (07-12-2015 19:12:54)

Running from g:\

Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11

Boot Mode: Recovery

Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe [927576 2010-08-25] (Dell, Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)

HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-24] (Sonic Solutions)

HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-16] ()

HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)

HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-03] (Malwarebytes Corporation)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-05] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-06-15] (Brother Industries, Ltd.)

HKLM\...\Run: [brStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-21] (Brother Industries, Ltd.)

HKU\Kin\...\Run: [FXCMUpload] => C:\Program Files\Myfxbook Ltd\Trading Station Publisher\Trading_Station_Publisher.exe [87040 2012-06-11] ()

HKU\Kin\...\Run: [backgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Kin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

HKU\Kin\...\Run: [Google Update] => C:\Users\Kin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)

HKU\Kin\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)

AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-24] (Brother Industries, Ltd.)

S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)

S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1962840 2015-09-11] (Dell Inc.)

S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [184152 2015-09-11] (Dell Inc.)

S2 DellUpdate; C:\Program Files\Dell Update\DellUpService.exe [237272 2015-08-26] (Dell Inc.)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-03] (Malwarebytes Corporation)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-29] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-29] (Microsoft Corporation)

S2 NOBU; C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe [2075480 2010-08-25] (Dell, Inc.)

S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-09] (NVIDIA Corporation)

S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-24] (Sonic Solutions)

S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-24] (Sonic Solutions)

S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-29] (Dell Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [29400 2015-09-11] (Dell Computer Corporation)

S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [22192 2015-05-22] (Dell Computer Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-04-03] (Malwarebytes Corporation)

S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)

S1 MpKsl3fddf76c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B59968F6-5C57-48A7-A1FD-B354BAF9EEB3}\MpKsl3fddf76c.sys [39168 2015-12-06] (Microsoft Corporation)

S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1215552 2011-06-07] (Ralink Technology Corp.)

S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)

S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)

S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [46160 2013-08-15] (Fuzhou Rockchip Electronics Co,Ltd.)

S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)

S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [14936 2013-01-24] (Scott)

S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-08-04] (Microsoft Corporation)

S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-08-04] (Microsoft Corporation)

S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-08-04] (Microsoft Corporation)

S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296192 2011-08-04] (Microsoft Corporation)

S1 A2DDA; \??\F:\Run\a2ddax86.sys [X]

S3 catchme; \??\C:\Users\Kin\AppData\Local\Temp\catchme.sys [X]

S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

S2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 19:12 - 2015-12-07 19:12 - 00000000 ____D C:\FRST

2015-12-06 18:32 - 2015-12-06 18:33 - 01719808 _____ (Farbar) C:\Users\Kin\Desktop\AAA.exe

2015-12-06 13:37 - 2015-12-06 13:37 - 00000030 _____ C:\Users\Kin\AppData\Roaming\mbam.context.scan

2015-11-22 02:16 - 2015-11-23 11:53 - 00000000 ____D C:\ProgramData\nWMiniPron

2015-11-22 02:16 - 2015-11-22 02:16 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

2015-11-22 02:15 - 2015-11-22 02:13 - 00126637 _____ C:\Users\Kin\Downloads\microsoft-word-2013 [1].exe

2015-11-18 16:05 - 2015-11-18 16:05 - 310739130 _____ C:\Windows\MEMORY.DMP

2015-11-18 16:05 - 2015-11-18 16:05 - 00573632 _____ C:\Windows\Minidump\111915-18298-01.dmp

2015-11-15 22:18 - 2015-11-15 22:18 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows

2015-11-15 22:18 - 2015-11-15 22:18 - 00000000 ____D C:\Program Files\Dell Support Center

2015-11-14 00:46 - 2015-11-14 00:46 - 00000000 ____D C:\Users\Kin\AppData\LocalLow\Oracle

2015-11-14 00:12 - 2015-11-14 00:12 - 00000017 _____ C:\Users\Kin\AppData\Local\resmon.resmoncfg

2015-11-12 12:17 - 2015-11-03 09:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2015-11-12 11:57 - 2015-11-12 11:57 - 00408704 _____ C:\Windows\Minidump\111315-73991-01.dmp

2015-11-10 15:10 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\shimeng.dll

2015-11-10 15:10 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll

2015-11-10 15:10 - 2015-10-29 09:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\aelupsvc.dll

2015-11-10 15:10 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\sdbinst.exe

2015-11-10 15:08 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2015-11-10 15:08 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2015-11-10 15:08 - 2015-10-30 14:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2015-11-10 15:08 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2015-11-10 15:08 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2015-11-10 15:08 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2015-11-10 15:08 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\html.iec

2015-11-10 15:08 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2015-11-10 15:08 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll

2015-11-10 15:08 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2015-11-10 15:08 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2015-11-10 15:08 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2015-11-10 15:08 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2015-11-10 15:08 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2015-11-10 15:08 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2015-11-10 15:08 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2015-11-10 15:08 - 2015-10-30 14:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2015-11-10 15:08 - 2015-10-30 14:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2015-11-10 15:08 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2015-11-10 15:08 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2015-11-10 15:08 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2015-11-10 15:08 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2015-11-10 15:08 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2015-11-10 15:08 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll

2015-11-10 15:08 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2015-11-10 15:08 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2015-11-10 15:08 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2015-11-10 15:08 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2015-11-10 15:08 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2015-11-10 15:08 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2015-11-10 15:08 - 2015-10-30 14:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2015-11-10 15:08 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2015-11-10 15:08 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2015-11-10 15:08 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2015-11-10 15:08 - 2015-10-20 09:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2015-11-10 15:08 - 2015-10-20 09:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2015-11-10 15:08 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2015-11-10 15:08 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2015-11-10 15:08 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2015-11-10 15:08 - 2015-10-20 09:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll

2015-11-10 15:08 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2015-11-10 15:08 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2015-11-10 15:08 - 2015-10-19 16:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2015-11-10 15:08 - 2015-10-19 16:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2015-11-10 15:08 - 2015-10-19 16:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe

2015-11-10 15:08 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe

2015-11-10 15:08 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll

2015-11-10 15:08 - 2015-10-19 16:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll

2015-11-10 15:08 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe

2015-11-10 15:08 - 2015-10-19 16:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe

2015-11-10 15:08 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll

2015-11-10 15:08 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll

2015-11-10 15:08 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll

2015-11-10 15:08 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll

2015-11-10 15:08 - 2015-10-19 15:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys

2015-11-10 15:08 - 2015-10-19 15:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys

2015-11-10 15:08 - 2015-10-19 15:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys

2015-11-10 15:08 - 2015-10-13 08:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

2015-11-10 15:08 - 2015-10-13 08:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys

2015-11-10 15:08 - 2015-10-12 20:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2015-11-10 15:08 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll

2015-11-10 15:08 - 2015-10-01 09:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll

2015-11-10 15:08 - 2015-09-23 05:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2015-11-10 15:08 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll

2015-11-10 15:07 - 2015-10-20 09:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll

2015-11-10 15:07 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll

2015-11-10 15:07 - 2015-10-20 09:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2015-11-10 15:07 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2015-11-10 15:07 - 2015-10-20 09:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll

2015-11-09 19:28 - 2015-11-09 19:28 - 00175338 _____ C:\Users\Kin\Documents\Dr Chong_RNSH_20102015_02.pdf

2015-11-09 19:27 - 2015-11-09 19:27 - 00335946 _____ C:\Users\Kin\Documents\Dr Chong_RNSH_20102015_01.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 00:01 - 2009-07-13 20:34 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-12-07 00:01 - 2009-07-13 20:34 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-12-06 11:43 - 2014-01-26 00:34 - 00000000 ____D C:\ProgramData\NVIDIA

2015-12-05 04:50 - 2015-07-27 17:12 - 00000000 ____D C:\Program Files\IncredibleCharts

2015-12-02 01:43 - 2013-08-13 21:58 - 00000000 ____D C:\Users\Kin\AppData\LocalLow\DivX_Browser_Bar

2015-12-02 00:02 - 2011-08-03 20:32 - 00000000 ____D C:\ProgramData\Sonic

2015-11-29 21:23 - 2012-03-28 15:13 - 00000000 ____D C:\Users\Kin\AppData\Local\CrashDumps

2015-11-28 20:29 - 2010-11-20 13:01 - 00783360 _____ C:\Windows\System32\PerfStringBackup.INI

2015-11-28 20:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf

2015-11-24 12:36 - 2014-04-25 23:18 - 00000000 ____D C:\Users\Kin\Documents\Military

2015-11-22 02:16 - 2015-08-29 22:42 - 00001137 _____ C:\Users\Kin\Desktop\Continue Microsoft Word 2013 Installation.lnk

2015-11-22 02:16 - 2013-08-15 22:00 - 00002431 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-11-20 16:26 - 2015-05-22 21:45 - 00000000 ____D C:\Users\Kin\Documents\Renovation

2015-11-18 16:05 - 2013-03-20 13:10 - 00000000 ____D C:\Windows\Minidump

2015-11-18 16:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows

2015-11-17 15:57 - 2015-11-03 15:57 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}

2015-11-16 02:22 - 2014-01-18 13:51 - 00000000 ____D C:\Users\Kin\Documents\Trading

2015-11-14 01:15 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

2015-11-14 00:49 - 2012-05-12 00:55 - 00001991 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2015-11-14 00:27 - 2013-04-03 19:54 - 00995680 _____ C:\Windows\ntbtlog.txt

2015-11-14 00:25 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Downloaded Program Files

2015-11-13 13:37 - 2009-07-13 20:33 - 00551232 _____ C:\Windows\System32\FNTCACHE.DAT

2015-11-11 14:36 - 2010-11-20 16:47 - 00000000 ____D C:\Program Files\Windows Journal

2015-11-11 14:17 - 2012-08-09 19:51 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-11-11 02:06 - 2014-04-02 00:55 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2015-11-11 02:06 - 2011-08-03 20:15 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2015-11-11 01:39 - 2011-08-09 21:48 - 00155000 _____ C:\Users\Kin\AppData\Local\GDIPFONTCACHEV1.DAT

2015-11-11 01:38 - 2011-08-09 21:48 - 00000000 ____D C:\users\Kin

2015-11-11 01:30 - 2015-04-05 05:50 - 00000000 ___SD C:\Windows\System32\GWX

2015-11-11 01:30 - 2011-11-30 01:49 - 00000000 ____D C:\ProgramData\pdf995

2015-11-11 01:30 - 2011-09-22 05:19 - 00000000 ____D C:\Users\Kin\AppData\Roaming\vlc

2015-11-11 01:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-11-11 01:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration

Files to move or delete:

====================

C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:

====================

C:\Users\Kin\AppData\Local\Temp\ICReinstall_microsoft-word-2013.exe

C:\Users\Kin\AppData\Local\Temp\jre-8u65-windows-au.exe

C:\Users\Kin\AppData\Local\Temp\Runner.exe

C:\Users\Kin\AppData\Local\Temp\_is5D52.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe

[2015-05-12 15:58] - [2015-04-12 19:19] - 0259072 ____A (Microsoft Corporation) 0780A42DBD7D9969F9BF4A19AA4285B5

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\dnsapi.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points  =========================

Restore point date: 2015-11-26 11:56

Restore point date: 2015-11-27 13:49

Restore point date: 2015-11-27 13:50

Restore point date: 2015-11-30 12:04

Restore point date: 2015-11-30 13:47

Restore point date: 2015-12-03 13:48

Restore point date: 2015-12-04 13:59

Restore point date: 2015-12-06 18:41

==================== Memory info ===========================

Percentage of memory in use: 13%

Total physical RAM: 4078.64 MB

Available physical RAM: 3528.86 MB

Total Virtual: 4076.93 MB

Available Virtual: 3536.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.96 GB) (Free:355.39 GB) NTFS

Drive e: (BROTHER) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

Drive g: () (Removable) (Total:1.87 GB) (Free:0.73 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (RECOVERY) (Fixed) (Total:15.76 GB) (Free:9.12 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 92DD304C)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=15.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 1.9 GB) (Disk ID: 34481175)

Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)

LastRegBack: 2015-11-29 15:02

==================== End of FRST.txt ============================


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

