
Infected - Ads by DNSUnlocker (pop ups, forced links, webpages disabled)



#1 BigRigCV


Posted 25 August 2015 - 06:47 PM

Attached File  Addition.txt   56.17KB   6 downloads

 

First I would like to thank everyone here...whether you help me or not.  I have followed the preparation guide....and now this step has arrived.  My computer details are in my profile.    Again...thank you.
 
My house computer (the one that 7 people use throughout the day) has become infected.  I have run MbAM and AdwCleaner (can't find the logs...sorry) and removed a few things.  I have uninstalled "DNSUnlocker" and several other items of different names that I didn't know what they were.  MbAM and AdwCleaner now come up with 0 detected items.  http://imgur.com/GZpFwdV  This link shows part of what I have to deal with...every page (even this one) has those ads...and keyword hover ads.  At points the whole page becomes "un-clickable" except where the infected links are.
 
It is MY computer that I let my wife and kids use....to my dismay.  Nothing has been explicitly downloaded outright, that I am aware of.  I have interrogated them all.  But they go all over the world wide web and I'm home for 1/3 of the day 6 days a week, so I don't have a lot of time to look over everyone's shoulders.   lol.   Anyhow...on with the FRST log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
Ran by Matt (administrator) on MATT-PC (25-08-2015 16:26:07)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) D:\GAMES\STEAM\Steam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Valve Corporation) D:\GAMES\STEAM\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RAIDCALL.COM) D:\Communication\RaidCall\raidcall.exe
(Luis Cobian, CobianSoft) D:\Utility\BackUp  Cobian\Cobian.exe
(Luis Cobian, CobianSoft) D:\Utility\BackUp  Cobian\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-2084949182-1646306680-1326133944-1000\...\Run: [Steam] => D:\GAMES\STEAM\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-15] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2084949182-1646306680-1326133944-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2084949182-1646306680-1326133944-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C2D86C8-9434-4D9D-BC27-C8124983A888}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\lt04jquh.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Games\ARC\Arc\plugins\NPSWF32.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Matt\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2084949182-1646306680-1326133944-1000: @my.com/Games -> C:\Users\Matt\AppData\Local\MyComGames\NPMyComDetector.dll [2015-07-15] (My.com, Inc)
StartMenuInternet: FIREFOX.EXE - D:\Utility\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-08-24]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-24]
CHR Extension: (Mibbit webchat) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-08-24]
CHR Extension: (Marvel Comics) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2015-08-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-10-25] ()
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-30] (BitRaider, LLC)
S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-09-13] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-26] (EasyAntiCheat Ltd)
S2 MBAMService; D:\Utility\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3534784 2015-04-01] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-22] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-09-14] (BitRaider)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 16:26 - 2015-08-25 16:26 - 00008378 _____ C:\Users\Matt\Desktop\FRST.txt
2015-08-25 16:25 - 2015-08-25 16:26 - 00000000 ____D C:\FRST
2015-08-25 16:24 - 2015-08-25 16:25 - 02186752 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2015-08-25 16:16 - 2015-08-25 16:16 - 00041777 _____ C:\Users\Matt\Desktop\DxDiagAug252015.txt
2015-08-25 15:46 - 2015-08-25 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-08-25 15:14 - 2015-08-25 15:16 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Matt\Desktop\cbSetup.exe
2015-08-24 18:18 - 2015-08-24 18:22 - 00000000 ____D C:\AdwCleaner
2015-08-24 17:42 - 2015-08-24 18:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-24 17:42 - 2015-08-24 17:42 - 00000723 _____ C:\Users\Public\Desktop\MbAM.lnk
2015-08-24 17:42 - 2015-08-24 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-24 17:42 - 2015-08-24 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-24 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-24 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-24 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-24 17:39 - 2015-08-24 17:39 - 01605632 _____ C:\Users\Matt\Desktop\AdwCleaner.exe
2015-08-24 17:03 - 2015-08-24 17:03 - 00010240 _____ C:\Users\Matt\AppData\Local\recently-used.xbel
2015-08-24 13:05 - 2015-08-24 13:05 - 00000079 _____ C:\Users\Matt\Desktop\DNS Unlocker Removal From Chrome-Firefox-IE - HowToRemove.guide.url
2015-08-24 12:06 - 2015-08-24 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-24 12:05 - 2015-08-25 16:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-24 12:05 - 2015-08-25 12:10 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 12:05 - 2015-08-24 12:05 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-24 12:05 - 2015-08-24 12:05 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-23 23:40 - 2015-08-23 23:41 - 00931408 _____ (Google Inc.) C:\Users\Matt\Desktop\ChromeSetup.exe
2015-08-23 23:36 - 2015-08-23 23:37 - 114480888 _____ (Trimble Navigation Limited) C:\Users\Matt\Desktop\SketchUpMake-en-x64.exe
2015-08-13 21:26 - 2015-08-13 21:27 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Tera_Awesomium
2015-08-13 15:02 - 2015-08-13 15:02 - 00000000 ____D C:\ArcheAge
2015-08-11 10:32 - 2015-08-15 20:03 - 00000000 ____D C:\Users\Matt\Desktop\GameStuff
2015-08-10 10:51 - 2015-08-24 18:10 - 00000000 ____D C:\Program Files (x86)\QR Code Maker and Decoder
2015-08-06 12:37 - 2015-08-04 13:22 - 07416016 _____ C:\Users\Matt\Desktop\OBS_0_654b_Installer.exe
2015-08-05 15:21 - 2015-08-05 15:22 - 00000000 ____D C:\ProgramData\SkySaga Infinite Isles
2015-08-05 15:21 - 2015-08-05 15:21 - 00000000 ____D C:\ProgramData\Caphyon
2015-08-05 15:20 - 2015-08-05 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkySaga Infinite Isles
2015-08-05 15:19 - 2015-08-05 15:32 - 00000000 ____D C:\Users\Matt\AppData\Roaming\SkySagaInfiniteIsles
2015-08-04 23:10 - 2015-08-04 23:10 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2015-08-04 23:10 - 2015-04-01 00:36 - 03534784 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-08-04 23:10 - 2004-12-30 05:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-08-04 23:10 - 2003-07-15 14:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-08-04 23:07 - 2015-08-04 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2015-08-03 04:38 - 2015-08-24 18:10 - 00000000 ____D C:\Program Files (x86)\Status Check
2015-08-01 18:08 - 2015-08-01 18:08 - 44814552 _____ (NETGEAR Inc.) C:\Users\Matt\Desktop\NETGEARGenie-install.exe
2015-07-29 17:32 - 2015-07-29 17:32 - 19646888 _____ (Microsoft Corporation) C:\Users\Matt\Desktop\MediaCreationToolx64.exe
2015-07-29 11:36 - 2015-07-29 11:36 - 00000000 ____D C:\Users\Matt\AppData\Local\Blizzard
2015-07-29 11:17 - 2015-07-29 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-07-26 10:06 - 2015-07-26 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 16:20 - 2009-07-13 21:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-25 16:20 - 2009-07-13 21:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-25 13:57 - 2014-09-13 02:44 - 01679085 _____ C:\Windows\WindowsUpdate.log
2015-08-25 03:58 - 2014-09-25 19:38 - 00000000 ____D C:\Users\Matt\AppData\Local\Glyph
2015-08-24 18:24 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-24 18:24 - 2009-07-13 21:51 - 00051897 _____ C:\Windows\setupact.log
2015-08-24 18:23 - 2014-09-13 03:43 - 00427048 _____ C:\Windows\PFRO.log
2015-08-24 18:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Speech
2015-08-24 18:10 - 2015-07-10 06:15 - 00000000 ____D C:\Program Files (x86)\Xdebug helper
2015-08-24 17:03 - 2015-05-22 21:50 - 00000000 ____D C:\Users\Matt\AppData\Local\gtk-2.0
2015-08-24 17:03 - 2015-05-22 21:46 - 00000000 ____D C:\Users\Matt\.gimp-2.8
2015-08-24 12:06 - 2014-09-13 03:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-23 23:56 - 2014-09-13 03:34 - 00000000 ____D C:\Users\Matt\AppData\Local\Google
2015-08-15 23:02 - 2014-09-25 21:25 - 00000000 ____D C:\Users\Matt\Documents\ArcheAge
2015-08-13 19:03 - 2015-03-07 12:44 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Guild Wars 2
2015-08-13 12:16 - 2014-09-25 19:38 - 00000000 ____D C:\ProgramData\Glyph
2015-08-12 16:31 - 2015-01-04 00:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-08 18:05 - 2014-09-13 15:00 - 00000000 ____D C:\Users\Matt\AppData\Roaming\TS3Client
2015-08-07 18:41 - 2014-12-03 00:19 - 00000000 ____D C:\Users\Matt\AppData\Local\Battle.net
2015-08-02 13:42 - 2009-07-13 22:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 23:20 - 2014-09-16 19:57 - 00000764 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
 
==================== Files in the root of some directories =======
 
2015-05-31 18:51 - 2015-07-21 14:39 - 0000024 _____ () C:\Users\Matt\AppData\Roaming\appdataFr25.bin
2015-03-18 13:03 - 2015-05-14 17:59 - 0000020 _____ () C:\Users\Matt\AppData\Roaming\appdataFr3.bin
2015-08-24 17:03 - 2015-08-24 17:03 - 0010240 _____ () C:\Users\Matt\AppData\Local\recently-used.xbel
2014-09-13 12:17 - 2014-09-13 12:17 - 0000017 _____ () C:\Users\Matt\AppData\Local\resmon.resmoncfg
2015-04-27 11:47 - 2015-04-27 11:47 - 0000798 _____ () C:\Users\Matt\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Matt\AppData\Local\Temp\31d6e07d87ca5eaf6b2447c07a6c1365.dll
C:\Users\Matt\AppData\Local\Temp\795534168148527468.exe
C:\Users\Matt\AppData\Local\Temp\99723d78a0a164643e41c4c4b25fa2b5.dll
C:\Users\Matt\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll
C:\Users\Matt\AppData\Local\Temp\d85c558376995ba9cf34bc8649ec474e.dll
C:\Users\Matt\AppData\Local\Temp\dc7fef4d19fa156bd7a0905e072649c8.dll
C:\Users\Matt\AppData\Local\Temp\f4f08310fb10a66c0aa4808000146ccc.dll
C:\Users\Matt\AppData\Local\Temp\Gw2.exe
C:\Users\Matt\AppData\Local\Temp\hcuninstaller_20150208_124316_4884.exe
C:\Users\Matt\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Matt\AppData\Local\Temp\nvStInst.exe
C:\Users\Matt\AppData\Local\Temp\setacl.exe
C:\Users\Matt\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll
C:\Users\Matt\AppData\Local\Temp\SRLDetectionLibrary3132687617816446784.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 03:43
 
==================== End of FRST.txt ============================




 


#2 shelf life

shelf life

  • Malware Response Team

Posted 27 August 2015 - 06:54 PM

Hi BigRigCV

 

If you have already used AdwCleaner and uninstalled DNSUnlocker you can try resetting Chrome and IE back to their defaults. If that doesn't work we can try something else. Usually I am only online once per day so you may not get a reply back from me until the following day.

 

https://support.google.com/chrome/answer/3296214?hl=en

http://malwaretips.com/blogs/reset-internet-explorer-settings/

 

