WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vosteran Infected - Help Please! [Solved]

Started by jadeseef , Jan 13 2015 07:02 PM

Vosteran

This topic is locked

40 replies to this topic

#16 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 January 2015 - 05:16 PM

Boot back up in normal windows , do you remember where you saved it ? On your desktop or maybe your downloads folder ?? There are other scanners but most wont work with Win 8

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#17 jadeseef

Authentic Member

Authentic Member
21 posts

Posted 15 January 2015 - 05:42 PM

Alright, I was able to find it in downloads and I did a scan before I switched back. When i switched back I could only find this file I'm not sure if this is the right one and if I need to keep looking for the other one?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01

Ran by Elisha (administrator) on ELISHA on 15-01-2015 17:13:02

Running from C:\Users\Elisha\Downloads

Loaded Profiles: Elisha & (Available profiles: Elisha)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe

() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe

(PC-Doctor, Inc.) C:\Program Files\My Dell\pcdrcui.exe

(PC-Doctor, Inc.) C:\Program Files\My Dell\pcdrrealtime.p5x

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5792584 2014-04-21] (Dell Inc.)

HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-24] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))

HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe"

HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe"

AppInit_DLLs-x32: C:/PROGRA~3/{2809C~1/171~1.0/rala.dll => C:/PROGRA~3/{2809C~1/171~1.0/rala.dll [649216 2015-01-13] ()

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-647248783-2239493058-3912521117-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)

Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)

Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-12-29]

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-01-14]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://vosteran.com/?f=7&a=vst_dnldastr_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtC0Czyzy0Azz0E0CyD0EtN0D0Tzu0StCtCtDzztN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzzyEyEzy0CyB0CtG0AtA0DyDtG0CyEzytBtGtA0B0BtAtGyCyCtCtC0EtDyEtCzyzztC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyD0AtCyBtDtGyB0FtCzytGyEyC0CzztG0AzztC0BtG0A0EtC0ByC0AtBzztBtDyDtD2Q&cr=1776513807&ir="

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]

CHR Extension: (Google Docs) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]

CHR Extension: (Google Drive) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]

CHR Extension: (YouTube) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]

CHR Extension: (Google Search) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]

CHR Extension: (Google Sheets) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]

CHR Extension: (Hatsune Miku Theme9) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcapoelehikcajegemncolnibideepep [2014-12-03]

CHR Extension: (Google Wallet) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]

CHR Extension: (Gmail) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-01-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-24] () [File not signed]

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-24] (Advanced Micro Devices, Inc.) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]

R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()

R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)

R2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)

S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-28] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-28] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150108.002\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\ENG64.SYS [129752 2014-12-28] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\EX64.SYS [2137304 2014-12-28] (Symantec Corporation)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-26] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-26] (Synaptics Incorporated)

R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-29] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]

R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 17:02 - 2015-01-15 17:02 - 00000000 ___RD () C:\Users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2015-01-14 17:55 - 2015-01-14 17:55 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\PCDr

2015-01-14 17:54 - 2015-01-14 17:54 - 00000000 ____D () C:\ProgramData\PCDr

2015-01-14 17:32 - 2015-01-14 17:32 - 00000000 ____D () C:\Users\Elisha\Downloads\FRST-OlderVersion

2015-01-14 00:12 - 2015-01-15 17:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-14 00:11 - 2015-01-15 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-14 00:11 - 2015-01-14 00:11 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-14 00:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-14 00:11 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-14 00:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-14 00:08 - 2015-01-14 00:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Elisha\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-14 00:05 - 2015-01-14 00:05 - 00000813 _____ () C:\Users\Elisha\Desktop\JRT.txt

2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Windows\ERUNT

2015-01-13 23:56 - 2015-01-13 23:57 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (2).exe

2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT.exe

2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (1).exe

2015-01-13 23:44 - 2015-01-13 23:49 - 00000000 ____D () C:\AdwCleaner

2015-01-13 23:43 - 2015-01-13 23:43 - 02191360 _____ () C:\Users\Elisha\Downloads\AdwCleaner.exe

2015-01-13 22:24 - 2015-01-15 00:20 - 00000929 _____ () C:\Users\Elisha\Downloads\Addition.txt

2015-01-13 22:23 - 2015-01-15 17:13 - 00020681 _____ () C:\Users\Elisha\Downloads\FRST.txt

2015-01-13 22:21 - 2015-01-15 17:13 - 00000000 ____D () C:\FRST

2015-01-13 22:21 - 2015-01-14 17:32 - 02125312 _____ (Farbar) C:\Users\Elisha\Downloads\FRST64.exe

2015-01-13 19:55 - 2015-01-13 19:55 - 00000046 _____ () C:\Users\Elisha\AppData\Roaming\WB.CFG

2015-01-13 18:54 - 2015-01-13 18:54 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word (1).exe

2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\ProgramData\{2809C0CA-788B-114C-C90D-61CE198FB240}

2015-01-13 18:51 - 2015-01-13 18:51 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word.exe

2015-01-13 16:27 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-13 16:27 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-13 16:27 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys

2015-01-13 16:27 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-01-13 16:27 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe

2015-01-13 16:27 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe

2015-01-13 16:27 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-13 16:27 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-13 16:27 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2015-01-13 16:27 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe

2015-01-13 16:27 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe

2015-01-13 16:27 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-01-13 16:27 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-01-13 16:27 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-01-13 16:27 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-01-13 16:27 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe

2015-01-13 16:27 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe

2015-01-13 16:27 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-01-13 16:27 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-01-13 16:27 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-01-13 16:27 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll

2015-01-13 16:27 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll

2015-01-13 16:27 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-13 16:27 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-01-13 16:27 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus

2015-01-05 18:47 - 2015-01-05 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe

2014-12-29 13:01 - 2015-01-10 00:01 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-12-29 13:01 - 2015-01-10 00:01 - 00002419 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk

2014-12-29 13:01 - 2015-01-01 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64

2014-12-29 13:01 - 2014-12-29 13:01 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

2014-12-29 13:01 - 2014-12-29 13:01 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT

2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\NCOTEMP

2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe

2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared

2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe

2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus

2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64

2014-12-29 12:59 - 2014-12-29 13:02 - 00000000 ____D () C:\ProgramData\Norton

2014-12-29 12:59 - 2014-12-29 12:59 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus

2014-12-29 12:57 - 2014-12-29 12:59 - 218966928 ____N (Symantec Corporation) C:\Users\Elisha\Downloads\NAV-TW-21.1.0-EN-US.exe

2014-12-28 21:47 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log

2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\VERIZON

2014-12-27 13:56 - 2014-12-27 13:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2014-12-22 19:37 - 2014-12-22 19:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2014-12-21 13:10 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll

2014-12-21 13:10 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll

2014-12-21 01:31 - 2014-12-21 01:33 - 04237884 _____ () C:\Users\Elisha\Downloads\Castle in the Air (9-12) (pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar

2014-12-17 09:10 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2014-12-17 09:10 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 17:08 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery

2015-01-15 17:06 - 2014-11-28 20:25 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-647248783-2239493058-3912521117-1002

2015-01-15 17:05 - 2014-11-28 20:22 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF14F380-52D9-4DE2-823A-660D94AAEF7A}

2015-01-15 17:05 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Update

2015-01-15 17:02 - 2014-12-03 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-15 17:02 - 2014-12-03 20:23 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha

2015-01-15 17:02 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\OneDrive

2015-01-15 17:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru

2015-01-15 00:17 - 2014-10-23 12:33 - 01827848 _____ () C:\Windows\WindowsUpdate.log

2015-01-14 23:55 - 2014-12-03 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-14 23:54 - 2014-10-23 12:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin

2015-01-14 23:54 - 2013-08-22 09:46 - 00023338 _____ () C:\Windows\setupact.log

2015-01-14 23:54 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-14 22:36 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-01-14 21:19 - 2014-03-18 04:44 - 00019296 _____ () C:\Windows\PFRO.log

2015-01-14 21:19 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2015-01-14 21:18 - 2014-12-02 20:48 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 21:09 - 2014-12-02 20:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-14 15:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-01-14 02:30 - 2014-11-29 23:35 - 00000000 ____D () C:\Users\Elisha\AppData\Local\CrashDumps

2015-01-14 00:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\DesktopTileResources

2015-01-13 23:56 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-13 23:42 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini

2015-01-13 19:34 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2015-01-13 19:25 - 2014-12-03 20:52 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-13 19:12 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Elisha\Documents\Outlook Files

2015-01-11 23:54 - 2014-12-01 15:41 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\Audacity

2015-01-10 00:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2015-01-09 15:51 - 2014-12-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-12-29 23:01 - 2014-11-30 15:52 - 00000000 ____D () C:\Users\Elisha\Downloads\website

2014-12-28 22:10 - 2014-10-23 12:45 - 00000000 ____D () C:\ProgramData\McAfee

2014-12-27 17:28 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Packages

2014-12-23 19:08 - 2014-12-03 20:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-12-19 23:07 - 2014-10-23 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

2014-12-19 23:03 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha

2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS

2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS

Some content of TEMP:

====================

C:\Users\Elisha\AppData\Local\Temp\Quarantine.exe

C:\Users\Elisha\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

#18 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 January 2015 - 06:15 PM

Great Job :thumbup:

I need to see the Additions log also but lets do this first

Do this, first lets set Chome back to defaults because I still see Vosteran on it

Click the Chrome menu on the browser toolbar.

Select Settings.

Scroll down to Show advanced settings...

Down on the bottom you will see an option for RESET BROWSER SETTINGS

Click on it and it will set Chome back to defaults

Then go to your downloads folder and look for FRST64, right click on it and select CUT, then come back to your desktop , right click on a blank space and select PASTE

Then right click on FRST64 on your desktop and select RUN AS ADMINISTRATOR, when it opens check mark Additions and run new scan and post both new logs please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#19 jadeseef

Authentic Member

Authentic Member
21 posts

Posted 15 January 2015 - 07:00 PM

I did what you said with the FRST and did a scan it's doing what it was before, but this time the logs showed up in a blank space on the screen. Anyway I got it, but I can't exit out of FRST for some reason.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01

Ran by Elisha (administrator) on ELISHA on 15-01-2015 19:49:38

Running from C:\Users\Elisha\Desktop

Loaded Profiles: Elisha (Available profiles: Elisha)