Please check this out

Some sites behaving a bit odd over the last day or so. Can you check it out for me, thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2016 02
Ran by TEDISTED (administrator) on TEDISTED-PC (27-05-2016 22:30:31)
Running from C:\Users\TEDISTED\Desktop\Desktop
Loaded Profiles: TEDISTED (Available Profiles: TEDISTED)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft) C:\Program Files\Heimdal\HeimdalSecureDNS\DNSService.exe
(CSIS Security Group) C:\Program Files\Heimdal\Service\HeimdalAgentService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(CSIS Security Group) C:\Program Files\Heimdal\Client\HeimdalAgent.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-11] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-08-17]
ShortcutTarget: Heimdal.lnk -> C:\Program Files\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{05C66536-4798-4088-90FA-F1B04232753D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/webhp?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKLM -> {140260F3-37F5-4B5B-A63C-64B6BA0E6B0C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000 -> DefaultScope {4FB71FDE-5D44-4D92-B66A-5ADCB30894A7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000 -> {140260F3-37F5-4B5B-A63C-64B6BA0E6B0C} URL =
SearchScopes: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000 -> {4FB71FDE-5D44-4D92-B66A-5ADCB30894A7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-11] (AVAST Software)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF ProfilePath: C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050
FF Homepage: hxxp://www.bbc.co.uk/news/uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: British English Dictionary - C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050\extensions\en-GB@dictionaries.addons.mozilla.org [2015-02-19] [not signed]
FF Extension: WOT - C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-19] [not signed]
FF Extension: FastestFox - C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050\extensions\smarterwiki@wikiatic.com.xpi [2015-02-20] [not signed]
FF Extension: Gmail Notifier (restartless) - C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-04-12] [not signed]
FF Extension: Adblock Plus - C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-06] [not signed]
FF Extension: Adblock Edge - C:\Users\TEDISTED\AppData\Roaming\Mozilla\Firefox\Profiles\q1t4d00b.default-1424371690050\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-04-06] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-27]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-27]

Chrome:
=======
CHR Profile: C:\Users\TEDISTED\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\TEDISTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (No Name) - C:\Users\TEDISTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
R2 HeimdalSecureDNS; C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe [93776 2015-08-14] (Microsoft) [File not signed]
R2 HeimdalService; C:\Program Files\Heimdal\Service\HeimdalAgentService.exe [132688 2015-08-14] (CSIS Security Group) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-06-05] (The OpenVPN Project)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254904 2016-03-19] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-11] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-05-11] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-11] (AVAST Software)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\TEDISTED\AppData\Local\Temp\mfe_rr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 22:03 - 2016-05-11 22:22 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC8C8.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswCB59.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswD74B.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC28F.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswD940.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswBD50.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC4F1.tmp
2016-05-27 22:03 - 2016-05-11 22:22 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswBF73.tmp
2016-05-27 22:03 - 2016-05-11 22:19 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB939.tmp
2016-05-27 22:02 - 2016-05-11 22:20 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-26 20:35 - 2016-05-27 15:46 - 00000000 ____D C:\AdwCleaner
2016-05-12 17:58 - 2016-04-09 22:22 - 00638184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-12 17:58 - 2016-04-09 22:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-12 17:52 - 2016-04-09 21:32 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-12 15:07 - 2016-04-09 20:00 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-12 15:06 - 2016-04-09 22:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-12 13:19 - 2016-05-24 07:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-12 13:19 - 2016-05-12 13:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-12 13:19 - 2016-05-12 13:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-12 12:51 - 2016-04-09 21:37 - 03608808 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-12 12:51 - 2016-04-09 21:37 - 03556584 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-12 12:50 - 2016-03-10 18:07 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-12 12:46 - 2016-04-09 19:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-12 12:45 - 2016-04-23 18:03 - 12858880 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-12 12:45 - 2016-04-23 18:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-12 12:45 - 2016-04-23 18:01 - 09729536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-12 12:45 - 2016-04-23 18:00 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-12 12:45 - 2016-04-23 18:00 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-12 12:45 - 2016-04-23 18:00 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-12 12:45 - 2016-04-23 18:00 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-12 12:45 - 2016-04-23 18:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-05-12 12:45 - 2016-04-23 18:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-12 12:45 - 2016-04-23 17:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-12 12:45 - 2016-04-23 17:59 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-05-12 12:45 - 2016-04-23 17:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-05-12 12:45 - 2016-04-23 17:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-05-12 12:44 - 2016-04-09 20:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 22:26 - 2016-05-11 22:26 - 00000000 ____D C:\Users\TEDISTED\AppData\Roaming\AVAST Software
2016-05-11 22:25 - 2016-05-11 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-11 22:23 - 2016-05-11 22:22 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-11 22:23 - 2016-05-11 22:22 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-11 22:23 - 2016-05-11 22:19 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-11 22:20 - 2016-05-11 22:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-11 22:13 - 2016-05-11 22:36 - 00000000 ____D C:\Program Files\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 22:30 - 2014-06-13 09:20 - 00000000 ____D C:\FRST
2016-05-27 22:07 - 2014-04-16 20:45 - 00000000 ____D C:\Users\TEDISTED\Desktop\teds stuff
2016-05-27 22:00 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 22:00 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 22:00 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 21:59 - 2006-11-02 11:22 - 47972352 _____ C:\Windows\system32\config\software_previous
2016-05-27 21:59 - 2006-11-02 11:22 - 46923776 _____ C:\Windows\system32\config\system_previous
2016-05-27 21:59 - 2006-11-02 11:22 - 43253760 _____ C:\Windows\system32\config\components_previous
2016-05-27 21:59 - 2006-11-02 11:22 - 01048576 _____ C:\Windows\system32\config\default_previous
2016-05-27 21:59 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-05-27 21:59 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-05-27 21:58 - 2015-09-29 12:49 - 00000000 ____D C:\Users\detsi
2016-05-27 21:58 - 2015-01-05 20:26 - 00000000 ____D C:\Program Files\Passage3
2016-05-27 21:58 - 2014-04-24 18:36 - 00000000 ____D C:\ProgramData\Licenses
2016-05-27 21:58 - 2014-04-24 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-05-27 21:58 - 2014-04-24 18:35 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-05-27 21:58 - 2014-04-15 20:58 - 00000000 ____D C:\Users\TEDISTED
2016-05-27 21:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2016-05-27 21:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2016-05-27 21:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-05-27 20:42 - 2014-09-26 23:20 - 00000000 ____D C:\Users\TEDISTED\AppData\Local\Adobe
2016-05-25 17:28 - 2014-04-24 18:36 - 00000000 ____D C:\ProgramData\TEMP
2016-05-21 10:47 - 2014-04-17 22:06 - 00000000 ____D C:\Users\TEDISTED\AppData\Roaming\Skype
2016-05-21 10:43 - 2014-04-17 22:06 - 00000000 ____D C:\ProgramData\Skype
2016-05-20 12:04 - 2014-04-17 08:53 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-19 12:27 - 2014-10-18 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-18 21:10 - 2014-04-16 20:46 - 00000000 ____D C:\Users\TEDISTED\Desktop\unused
2016-05-12 18:12 - 2006-11-02 11:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-12 18:02 - 2006-11-02 14:01 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-12 18:01 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 17:05 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-05-12 16:25 - 2014-04-17 12:10 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-12 16:16 - 2006-11-02 13:47 - 00397568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 15:06 - 2014-04-15 22:43 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 13:33 - 2006-11-02 11:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-05-11 22:25 - 2015-01-05 23:06 - 00000000 ____D C:\ProgramData\Unchecky
2016-05-11 21:26 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-05-11 09:36 - 2015-02-24 22:53 - 00000000 ____D C:\Program Files\Pale Moon
2016-05-11 09:36 - 2014-04-24 17:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-06 10:36 - 2015-07-30 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-06 10:36 - 2015-02-24 20:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-05-03 08:12 - 2016-03-21 18:35 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2014-10-14 10:09 - 2015-01-18 14:59 - 0001356 _____ () C:\Users\TEDISTED\AppData\Local\d3d9caps.dat
2014-04-18 12:39 - 2014-05-14 21:23 - 0004608 _____ () C:\Users\TEDISTED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-21 17:28 - 2014-04-21 17:28 - 0220969 _____ () C:\ProgramData\1398097347.bdinstall.bin

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-27 22:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2016 02
Ran by TEDISTED (2016-05-27 22:31:59)
Running from C:\Users\TEDISTED\Desktop\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2014-04-15 16:43:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3306118321-2799461415-1222813793-500 - Administrator - Disabled)
Guest (S-1-5-21-3306118321-2799461415-1222813793-501 - Limited - Disabled)
TEDISTED (S-1-5-21-3306118321-2799461415-1222813793-1000 - Administrator - Enabled) => C:\Users\TEDISTED

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 21 NPAPI (HKLM\...\{C4E4BF86-4E27-4B8B-8BF9-A5BF1C7573A4}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0422.2139.36895 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Heimdal (HKLM\...\Heimdal) (Version: 1.10.5.0 - CSIS Security Group)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
Pale Moon 26.2.2 (x86 en-US) (HKLM\...\Pale Moon 26.2.2 (x86 en-US)) (Version: 26.2.2 - Moonchild Productions)
PASSAGE 3 (English version) (HKLM\...\P3E) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skins (Version: 2008.0422.2139.36895 - ATI) Hidden
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Unchecky v0.4.3 (HKLM\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C5FE383-36FC-4489-B8E5-C133C3CB938D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {9BFFCFC0-B785-4524-A0C5-3712B22ED74E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {A5D08630-9D9E-4505-B379-45FF153F40D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {A989470D-7E9E-4BB7-931D-D300263BCB0D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-11] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-11 22:20 - 2016-05-11 22:20 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-11 22:19 - 2016-05-11 22:19 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-23 17:53 - 2016-05-23 17:53 - 02977376 _____ () C:\Program Files\AVAST Software\Avast\defs\16052301\algo.dll
2016-05-11 22:20 - 2016-05-11 22:20 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-11 22:20 - 2016-05-11 22:20 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-27 22:05 - 2016-05-27 22:05 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052701\algo.dll
2008-10-08 10:24 - 2008-04-22 21:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2016-05-11 22:21 - 2016-05-11 22:22 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-24 22:53 - 2016-05-10 14:03 - 03060736 _____ () C:\Program Files\Pale Moon\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\secunia.com. -> hxxps://secunia.com.
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2016-05-27 22:00 - 00001961 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 5 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3306118321-2799461415-1222813793-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TEDISTED\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^TEDISTED^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\Windows\pss\TRDCReminder.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\TEDISTED\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
MSCONFIG\startupreg: Viber => "C:\Users\TEDISTED\AppData\Local\Viber\Viber.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{7096B345-2D9B-49E7-9B9B-C85072DAF534}] => (Allow) LPort=80
FirewallRules: [{F64AC4EF-84E3-4FBF-B576-ECD4E87010E4}] => (Allow) LPort=80
FirewallRules: [{EDDE3260-3142-47E7-B2A5-EEB5174BB845}] => (Allow) LPort=80
FirewallRules: [{62289433-FB98-42AB-B6B6-94F349FD08FE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4751F492-A82F-4BA7-BD38-F20037D87A50}] => (Allow) C:\Users\TEDISTED\AppData\Local\Temp\nsdEF91.tmp\CnetInstaller-10030584.exe
FirewallRules: [{DD050E0C-4700-4BFF-AD33-1E7149434461}] => (Allow) C:\Users\TEDISTED\AppData\Local\Temp\nsdEF91.tmp\CnetInstaller-10030584.exe
FirewallRules: [{0C1F7241-137F-407C-BB9D-CF17F1C66CB9}] => (Allow) C:\Users\TEDISTED\AppData\Local\Temp\nscC6BC.tmp\CnetInstaller-10030584.exe
FirewallRules: [{FFD01E2E-5DA3-4AA9-B748-4966A186A8E0}] => (Allow) C:\Users\TEDISTED\AppData\Local\Temp\nscC6BC.tmp\CnetInstaller-10030584.exe
FirewallRules: [{E54350B6-9A13-424D-B7DB-B61BD712D02B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7ECAC347-C091-45CD-BDD4-30A4A65D3E87}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{694C253B-9456-4734-B091-57B7519A66D5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

24-05-2016 07:56:06 Windows Update
25-05-2016 14:28:49 Scheduled Checkpoint
27-05-2016 09:25:47 Scheduled Checkpoint
27-05-2016 21:54:06 Restore Operation
27-05-2016 22:16:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Tun Miniport Adapter #3
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2016 10:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\9> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\9> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\8> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\8> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\7> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:48 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\7> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:47 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\6> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:47 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\6> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\5> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/27/2016 10:22:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\5> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (05/27/2016 10:22:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.221.745.0){022822CB-C608-4789-8516-D9D87910F353}200

Error: (05/27/2016 10:19:03 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: %%%82527 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: %%%82524

    Error Code: 0x8050a001

    Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.

    Signatures loading: %%825

    Loading signature version: 1.221.457.0

    Loading engine version: %%%825270

Error: (05/27/2016 10:00:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VBoxAsw Support Driver%%3

Error: (05/27/2016 07:39:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VBoxAsw Support Driver%%3

Error: (05/27/2016 07:39:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 07:38:20 on 27/05/2016 was unexpected.

Error: (05/26/2016 01:59:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VBoxAsw Support Driver%%3

Error: (05/26/2016 01:58:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:55:31 on 26/05/2016 was unexpected.

Error: (05/19/2016 09:17:02 AM) (Source: Print) (EventID: 6161) (User: NT AUTHORITY)
Description: The document Picasa, owned by TEDISTED, failed to print on printer HP DeskJet 840C/841C/842C/843C. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 6684672. Number of bytes printed: 3926368. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TEDISTED-PC. Win32 error code returned by the print processor: Picasa0. Picasa1

Error: (05/19/2016 09:16:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VBoxAsw Support Driver%%3

Error: (05/19/2016 09:16:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:12:06 on 19/05/2016 was unexpected.


CodeIntegrity:
===================================
  Date: 2016-05-26 15:56:44.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:43.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:42.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:41.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:40.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:39.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:38.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:37.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:36.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-26 15:56:35.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Sempron(tm) SI-40
Percentage of memory in use: 60%
Total physical RAM: 1789.1 MB
Available physical RAM: 704.92 MB
Total Virtual: 3830.68 MB
Available Virtual: 2375.83 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:74.22 GB) (Free:25.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:73.36 GB) (Free:68.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: E2DB62BC)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=74.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 02
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

  • Right-click and choose "Run as administrator" to open Malwarebytes Anti-Malware, and from the Dashboard please check for updates by clicking the Update Now... link.
  • Open Malwarebytes > Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

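The registry backup in STEP 02 is done with ERUNT through its GUI. As an added example, not part of the post above and not the ERUNT tool, the script below does the same job from an elevated PowerShell prompt using the built-in reg.exe: it saves copies of the machine hives and the current user's hive into a timestamped folder and reports which saves succeeded. The folder C:\RegBackup and the hive list are assumptions for this example (they mirror what ERUNT saves); the hash manifest step assumes PowerShell 4 or later, so on an older system such as the Vista machine in this thread it is skipped automatically.

```powershell
# Added example: snapshot registry hives with reg.exe before any cleanup that
# edits the registry. Not the ERUNT tool from the post. Run elevated
# (right-click PowerShell > Run as administrator); reg save needs the backup
# privilege that an elevated admin token carries.
# $BackupRoot is an assumed location chosen for this example.
param(
    [string]$BackupRoot = 'C:\RegBackup'
)

# Hives to save (assumed list; matches the machine and user hives ERUNT copies).
$Hives = @('HKLM\SYSTEM', 'HKLM\SOFTWARE', 'HKLM\SAM', 'HKLM\SECURITY', 'HKU\.DEFAULT', 'HKCU')

$Stamp = Get-Date -Format 'yyyy-MM-dd_HHmmss'
$Dest  = Join-Path $BackupRoot $Stamp
New-Item -ItemType Directory -Path $Dest -Force | Out-Null

$Results = foreach ($Hive in $Hives) {
    # Turn "HKLM\SOFTWARE" into "HKLM_SOFTWARE.hiv" for the output file name.
    $File = Join-Path $Dest (($Hive -replace '[\\:.]', '_') + '.hiv')

    # reg save writes a binary copy of the live hive; /y overwrites silently.
    & reg.exe save $Hive $File /y | Out-Null

    New-Object PSObject -Property @{
        Hive  = $Hive
        File  = $File
        Saved = ($LASTEXITCODE -eq 0 -and (Test-Path $File))
        Bytes = if (Test-Path $File) { (Get-Item $File).Length } else { 0 }
    }
}

$Results | Format-Table Hive, Saved, Bytes, File -AutoSize

# Optional integrity manifest so the backup can be checked for corruption or
# tampering before it is relied on. Get-FileHash needs PowerShell 4 or later.
if ($PSVersionTable.PSVersion.Major -ge 4) {
    Get-ChildItem $Dest -Filter *.hiv |
        Get-FileHash -Algorithm SHA256 |
        Select-Object @{ n = 'File'; e = { Split-Path $_.Path -Leaf } }, Hash |
        Export-Csv (Join-Path $Dest 'manifest.csv') -NoTypeInformation
}

# Refuse to call the backup complete if any hive failed to save.
$Failed = @($Results | Where-Object { -not $_.Saved })
if ($Failed.Count -gt 0) {
    Write-Warning ("Hives not saved: " + (($Failed | ForEach-Object { $_.Hive }) -join ', ') +
                   ". Do not proceed with registry changes until the backup is complete.")
} else {
    Write-Host "Registry hives saved to $Dest"
}
```

The saved .hiv files are offline copies, so checking that each has a non-zero size and a zero exit code from reg.exe is the quickest sign the backup is usable. Restoring a live SYSTEM or SOFTWARE hive cannot be done from inside a running Windows session, which is why the post directs you to ERDNT.exe for the restore; these copies serve the same purpose as a fallback that can be applied from recovery media or a second installation.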