
Svchost.exe, Csrss.exe and Firefox.exe... has encountered a problem.....


This topic is locked
7 replies to this topic

#1 Ali_11

  • Members
  • 71 posts
  • Gender:Male
  • Local time:04:05 AM

Posted 17 April 2017 - 03:51 AM

My system is infected with malware, with several malicious files running at logon. These are causing errors like 'Svchost.exe, Csrss.exe and Firefox.exe has encountered a problem...'

Help me fix the problem!

Thanks


#2 nasdaq

  • Malware Response Team
  • 40,741 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:05 PM

Posted 18 April 2017 - 07:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information. Please post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file:
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add reply" button.
===

#3 Ali_11

  • Topic Starter
  • Members
  • 71 posts
  • Gender:Male
  • Local time:04:05 AM

Posted 18 April 2017 - 07:57 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2017 01
Ran by  (administrator) on -1 (18-04-2017 17:52:28)
Running from C:\Documents and Settings\\My Documents\Downloads
Loaded Profiles:  (Available Profiles: )
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\RocketDock\RocketDock.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Google, Inc) C:\Documents and Settings\\Local Settings\Application Data\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Documents and Settings\\Application Data\iconrdb.exe
(V-Link.) C:\Program Files\V-Link\Common\RaUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ralink Technology, Corp.) C:\Program Files\V-Link\Common\RaRegistry.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Documents and Settings\\My Documents\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-12-10] (Avast Software s.r.o.)
HKLM\...\Run: [Synchronization Manager] => C:\WINDOWS\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [syshost32] => C:\WINDOWS\Installer\{771553A3-0805-5595-17D6-C844F776CDAA}\syshost.exe [205666 2017-04-05] ()
HKLM\...\Policies\Explorer\Run: [15020078] => C:\Documents and Settings\All Users\msqnrorro.exe [102339456 2008-04-14] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Google Update] => C:\Documents and Settings\\Local Settings\Application Data\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-12] (Google Inc.)
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Google Photos Backup] => C:\Documents and Settings\\Local Settings\Application Data\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3997752 2016-12-11] (Tonec Inc.)
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Client Server Runtime Process] => C:\Documents and Settings\\Application Data\csrss.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Documents and Settings\\Application Data\csrss.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Service Host Process for Windows] => C:\Documents and Settings\\Application Data\svchost.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Host-process Windows (Rundll3.exe)] => C:\Documents and Settings\\Application Data\svchost.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [iconrdb] => C:\Documents and Settings\\Application Data\iconrdb.exe [5833056 2016-05-03] ()
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-10] (Avast Software s.r.o.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-11-18]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\V-Link Wireless Utility.lnk [2016-03-01]
ShortcutTarget: V-Link Wireless Utility.lnk -> C:\Program Files\V-Link\Common\RaUI.exe (V-Link.)
Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\x.vbs [2017-04-18] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{34BDA04F-8AB9-40F9-914D-D396E28593FE}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-10] (Avast Software s.r.o.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: smp00r96.default
FF ProfilePath: C:\Documents and Settings\Asad\Application Data\webradio-face99e7ab6d84ab7c662430c101b816\Profiles\smp00r96.default [2016-01-12]
FF ProfilePath: C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140 [2017-04-18]
FF Homepage: C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140 -> hxxps://www.facebook.com/
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140\Extensions\firefox@zenmate.com.xpi [2016-09-30]
FF Extension: (Dictionary Extension) - C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2016-04-27]
FF Extension: (IDM integration) - C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140\Extensions\mozilla_cc2@internetdownloadmanager.com [2017-01-28]
FF Extension: (Saved Password Editor) - C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-29]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\21v18juq.default-1461085325140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
FF HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Asad\Application Data\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Documents and Settings\Asad\Application Data\IDM\idmmzcc5 [2017-04-18] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-12-01] (Verimatrix, Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1960408961-879983540-1417001333-1001: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-1960408961-879983540-1417001333-1001: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-1960408961-879983540-1417001333-1001: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-12-01] (Verimatrix, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1441190414&z=1d0d1c647263a77fa6e40eagezcz7g6g9t5e7o5bfo&from=cmi&uid=MaxtorX6Y080M0_Y281M10C
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1441190414&z=1d0d1c647263a77fa6e40eagezcz7g6g9t5e7o5bfo&from=cmi&uid=MaxtorX6Y080M0_Y281M10C"
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1441190881&z=7541d130f8abc9441d96066g6z2zag6gbtae0m5z4t&from=cmi&uid=MaxtorX6Y080M0_Y281M10C&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Profile: C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-25]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-01-25]
CHR Extension: (IDM Integration Module) - C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-12-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2016-11-18] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-12-10] (Avast Software s.r.o.)
S3 EasyAntiCheat; C:\WINDOWS\system32\EasyAntiCheat.exe [245544 2015-08-05] (EasyAntiCheat Ltd) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files\V-Link\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\V-Link\Common\RaMediaServer.exe [625728 2011-08-18] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-12-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-12-10] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-12-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-12-10] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-12-10] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-12-10] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-12-10] ()
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation) [File not signed]
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [140936 2016-09-21] (Tonec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1209408 2011-09-06] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 13:54 - 2017-04-17 13:54 - 00000110 _____ C:\Documents and Settings\Asad\My Documents\errors malware.txt
2017-04-17 13:50 - 2017-04-17 13:50 - 00026198 _____ C:\Documents and Settings\Asad\My Documents\Addition.txt
2017-04-17 13:48 - 2017-04-17 13:48 - 00031780 _____ C:\Documents and Settings\Asad\My Documents\FRST.txt
2017-04-17 13:45 - 2017-04-18 17:52 - 00000000 ____D C:\FRST
2017-04-16 18:27 - 2017-04-16 18:27 - 00190502 _____ C:\Documents and Settings\Asad\My Documents\Computer.zip
2017-04-16 18:24 - 2017-04-16 18:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini041617-01.dmp
2017-04-16 18:22 - 2017-04-16 18:22 - 00117120 _____ C:\WINDOWS\system32\Drivers\e917.sys
2017-04-16 18:22 - 2017-04-16 18:22 - 00117120 _____ C:\WINDOWS\system32\Drivers\35b58319901659cf.sys
2017-04-16 14:29 - 2017-04-16 14:29 - 00094210 _____ C:\Documents and Settings\Asad\My Documents\ASAD-1.rar
2017-04-16 14:28 - 2017-04-16 14:29 - 04153164 _____ C:\Documents and Settings\Asad\My Documents\ASAD-1.arn
2017-04-16 14:16 - 2017-04-16 14:16 - 00094670 _____ C:\Documents and Settings\Asad\My Documents\Computer.rar
2017-04-16 13:46 - 2017-04-16 13:46 - 04134964 _____ C:\Documents and Settings\Asad\My Documents\Computer.arn
2017-04-15 13:57 - 2017-04-15 13:56 - 00090112 _____ C:\WINDOWS\Minidump\Mini041517-01.dmp
2017-04-15 13:55 - 2017-04-15 13:55 - 00113536 _____ C:\WINDOWS\system32\Drivers\f76f0c6451cfe2e7.sys
2017-04-15 13:55 - 2017-04-15 13:55 - 00113536 _____ C:\WINDOWS\system32\Drivers\10896.sys
2017-04-15 00:07 - 2017-04-15 00:07 - 00000541 _____ C:\Documents and Settings\Asad\My Documents\HBL.lnk
2017-04-14 13:22 - 2017-04-14 13:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini041417-01.dmp
2017-04-14 13:21 - 2017-04-14 13:21 - 00109952 _____ C:\WINDOWS\system32\Drivers\81a18dfadc026396.sys
2017-04-14 13:21 - 2017-04-14 13:21 - 00109952 _____ C:\WINDOWS\system32\Drivers\18930.sys
2017-04-09 19:27 - 2016-05-03 16:12 - 05833056 _____ C:\Documents and Settings\Asad\Application Data\iconrdb.exe
2017-04-09 19:23 - 2017-04-09 19:23 - 00090112 _____ C:\WINDOWS\Minidump\Mini040917-01.dmp
2017-04-09 19:22 - 2017-04-09 19:22 - 00109696 _____ C:\WINDOWS\system32\Drivers\fd55bd9557b6945b.sys
2017-04-09 19:22 - 2017-04-09 19:22 - 00109696 _____ C:\WINDOWS\system32\Drivers\e80e.sys
2017-04-08 13:50 - 2017-04-16 18:24 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-08 13:50 - 2017-04-08 13:50 - 00090112 _____ C:\WINDOWS\Minidump\Mini040817-01.dmp
2017-04-08 13:49 - 2017-04-08 13:49 - 00112384 _____ C:\WINDOWS\system32\Drivers\c8cf7efe2330557c.sys
2017-04-08 13:48 - 2017-04-08 13:48 - 00112384 _____ C:\WINDOWS\system32\Drivers\107ea.sys
2017-04-07 14:21 - 2017-04-07 14:21 - 00158720 _____ (Sysnative) C:\Documents and Settings\Asad\My Documents\SysnativeBSODCollectionApp.exe
2017-04-06 14:20 - 2017-04-06 14:20 - 00000654 _____ C:\Documents and Settings\Asad\My Documents\Speccy.lnk
2017-04-06 14:20 - 2017-04-06 14:20 - 00000000 ____D C:\Program Files\Speccy
2017-04-06 14:20 - 2017-04-06 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2017-04-05 13:53 - 2017-04-05 13:53 - 00000123 _____ C:\Documents and Settings\Asad\My Documents\errors.txt
2017-04-04 20:19 - 2017-04-04 20:19 - 06736244 _____ C:\Documents and Settings\Asad\My Documents\VID-20170319-WA0053.mp4
2017-04-04 20:13 - 2017-04-04 20:13 - 18152114 _____ C:\Documents and Settings\Asad\My Documents\VID-20170317-WA0010.mp4
2017-04-04 20:09 - 2017-04-04 20:09 - 12111808 _____ C:\Documents and Settings\Asad\My Documents\VID-20170317-WA0009.mp4
2017-04-04 20:01 - 2017-04-04 20:01 - 07303339 _____ C:\Documents and Settings\Asad\My Documents\VID-20170131-WA0013.mp4
2017-04-01 18:58 - 2017-04-01 18:58 - 00709632 _____ C:\Documents and Settings\Asad\My Documents\heat stroke_2.ppt
2017-03-29 14:13 - 2017-03-29 14:13 - 00550906 _____ C:\Documents and Settings\Asad\My Documents\The Communist Manifesto.pdf
2017-03-26 14:23 - 2017-03-19 19:44 - 00001699 _____ C:\Documents and Settings\All Users\Start Menu\Grand Theft Auto III.lnk
2017-03-26 14:07 - 2017-03-26 14:10 - 00000686 _____ C:\Documents and Settings\Asad\Desktop\MaxPayne2.lnk
2017-03-24 18:25 - 2017-03-24 18:33 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\Women empowerment
2017-03-22 14:50 - 2015-09-02 21:38 - 00001609 _____ C:\Documents and Settings\All Users\Start Menu\Counter-Strike 1.6.lnk
2017-03-22 14:48 - 2016-10-19 19:55 - 00000425 _____ C:\Documents and Settings\All Users\Start Menu\Cleantouch English-Urdu-English Dictionary.lnk
2017-03-22 14:48 - 2016-08-28 14:18 - 00000497 _____ C:\Documents and Settings\All Users\Start Menu\FIFA.lnk
2017-03-22 14:48 - 2015-09-02 21:38 - 00001002 _____ C:\Documents and Settings\All Users\Start Menu\GameRanger.lnk
2017-03-21 13:47 - 2004-08-23 02:18 - 01486848 _____ (Remedy Entertainment) C:\Documents and Settings\All Users\Start Menu\MaxPayne 2.exe
2017-03-20 23:49 - 2017-03-20 23:48 - 00141666 __RSH () C:\WINDOWS\system32\rundll3.exe
2017-03-20 23:49 - 2017-03-20 23:48 - 00141666 __RSH () C:\Documents and Settings\Asad\Application Data\svchost.exe
2017-03-20 23:48 - 2017-03-20 23:48 - 00141666 __RSH () C:\Documents and Settings\Asad\Application Data\csrss.exe
2017-03-19 20:46 - 2017-04-09 20:43 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\Max Payne 2 Savegames
2017-03-19 20:41 - 2017-03-26 14:02 - 00000000 ____D C:\max payne

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-18 17:53 - 2015-06-30 20:32 - 00000000 ____D C:\Documents and Settings\Asad\Local Settings\Temp
2017-04-18 17:52 - 2015-12-10 13:24 - 00000360 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-04-18 17:48 - 2015-09-01 15:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2017-04-18 17:47 - 2015-07-01 16:56 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-18 17:47 - 2015-06-30 20:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-18 15:00 - 2015-08-07 16:20 - 00000000 ____D C:\Documents and Settings\Asad\Application Data\DMCache
2017-04-18 15:00 - 2015-06-30 20:32 - 00000178 ___SH C:\Documents and Settings\Asad\ntuser.ini
2017-04-18 15:00 - 2015-06-30 20:31 - 00032598 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-18 13:00 - 2015-07-01 20:28 - 00000000 ____D C:\Documents and Settings\Asad\Application Data\Skype
2017-04-18 12:59 - 2016-07-16 15:12 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2017-04-18 12:55 - 2015-07-01 16:56 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-18 12:47 - 2016-04-04 14:12 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-879983540-1417001333-1001UA.job
2017-04-18 12:41 - 2015-07-11 21:25 - 03246080 ___SH C:\Documents and Settings\Asad\My Documents\Thumbs.db
2017-04-18 12:37 - 2016-04-24 15:56 - 00000000 __SHD C:\WINDOWS\CSC
2017-04-18 00:32 - 2017-01-26 14:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-18 00:29 - 2015-06-30 20:32 - 00000000 ___SD C:\Documents and Settings\Asad\My Documents
2017-04-17 14:08 - 2015-06-30 20:32 - 00000000 ____D C:\Documents and Settings\Asad
2017-04-17 00:37 - 2015-06-30 20:14 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-16 19:09 - 2015-07-01 01:07 - 00496884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 19:04 - 2015-07-01 01:01 - 00000000 ____D C:\WINDOWS\system32\mui
2017-04-16 13:43 - 2016-08-15 13:18 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\Kund Malir Trip
2017-04-16 13:42 - 2015-09-17 13:54 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\New Folder
2017-04-15 00:11 - 2016-04-20 21:03 - 00069120 ___SH C:\Documents and Settings\Asad\Desktop\Thumbs.db
2017-04-13 14:47 - 2016-04-04 14:12 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-879983540-1417001333-1001Core.job
2017-04-11 21:07 - 2008-04-14 22:30 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-07 14:49 - 2015-08-22 16:29 - 00000000 ____D C:\Documents and Settings\Asad\Application Data\vlc
2017-04-04 20:12 - 2017-03-09 16:57 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\Nikah
2017-04-03 13:56 - 2015-07-08 18:16 - 00000000 ____D C:\Documents and Settings\Asad\Application Data\PhotoScape
2017-04-03 13:56 - 2015-06-30 20:32 - 00000000 ___SD C:\Documents and Settings\Asad\My Documents\My Pictures
2017-04-01 00:20 - 2015-06-30 21:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-31 13:05 - 2016-11-25 00:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-29 14:14 - 2016-12-20 13:45 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\Pdf
2017-03-29 14:04 - 2017-02-04 23:59 - 00000000 ____D C:\Documents and Settings\Asad\Application Data\Telegram Desktop
2017-03-26 14:51 - 2016-12-22 13:55 - 00000000 ____D C:\Documents and Settings\Asad\My Documents\New Folder (6)
2017-03-21 13:54 - 2015-06-30 21:38 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-03-21 13:54 - 2015-06-30 21:38 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-03-20 23:49 - 2015-07-01 01:01 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-03-20 23:48 - 2015-06-30 20:31 - 00000178 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2017-03-20 23:48 - 2008-04-14 22:30 - 00141666 _____ () C:\WINDOWS\system32\rundll32.exe.tmp
2017-03-19 19:44 - 2016-10-16 22:56 - 00001699 _____ C:\Documents and Settings\Asad\My Documents\Grand Theft Auto III.lnk

==================== Files in the root of some directories =======

2012-09-17 14:22 - 2016-10-16 23:01 - 0074074 _____ () C:\Program Files\Uninstall.exe
2016-10-16 22:56 - 2016-10-16 23:01 - 0026635 _____ () C:\Program Files\Uninstall.ini
2017-04-09 19:27 - 2017-04-18 12:49 - 0018137 _____ () C:\Documents and Settings\Asad\Application Data\32434.log
2017-03-20 23:48 - 2017-03-20 23:48 - 0141666 __RSH () C:\Documents and Settings\Asad\Application Data\csrss.exe
2017-04-09 19:27 - 2016-05-03 16:12 - 5833056 _____ () C:\Documents and Settings\Asad\Application Data\iconrdb.exe
2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Documents and Settings\Asad\Application Data\qXPAMu4uc
2017-03-20 23:49 - 2017-03-20 23:48 - 0141666 __RSH () C:\Documents and Settings\Asad\Application Data\svchost.exe
2015-04-19 17:20 - 2015-04-19 17:20 - 0005872 _____ () C:\Documents and Settings\Asad\Application Data\uuXHjEHgvqN56vyz
2015-08-31 19:31 - 2017-03-09 16:56 - 0039936 _____ () C:\Documents and Settings\Asad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-02 16:40 - 2015-09-02 16:40 - 0628688 _____ (CMI Limited) C:\Documents and Settings\Asad\Local Settings\Application Data\nsd62E.tmp
2008-04-14 22:30 - 2008-04-14 22:30 - 102339456 ___SH () C:\Documents and Settings\All Users\msqnrorro.exe
2016-03-17 16:56 - 2016-03-17 16:56 - 0000676 _____ () C:\Documents and Settings\All Users\Start Menu.lnk
2015-12-07 19:39 - 2015-12-07 19:39 - 0044541 _____ () C:\Documents and Settings\All Users\Application Data\1449499170.bdinstall.bin
2015-12-07 19:49 - 2015-12-07 19:49 - 0273368 _____ () C:\Documents and Settings\All Users\Application Data\1449499347.bdinstall.bin
2015-12-07 20:17 - 2015-12-07 20:17 - 0037229 _____ () C:\Documents and Settings\All Users\Application Data\1449501427.bdinstall.bin
2015-12-07 20:17 - 2015-12-07 20:17 - 0058846 _____ () C:\Documents and Settings\All Users\Application Data\1449501432.bdinstall.bin
2015-12-07 20:19 - 2015-12-07 20:19 - 0096407 _____ () C:\Documents and Settings\All Users\Application Data\1449501554.bdinstall.bin
2015-09-02 15:41 - 2015-09-02 15:49 - 0000178 _____ () C:\Documents and Settings\All Users\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\Documents and Settings\All Users\msqnrorro.exe


Some files in TEMP:
====================
2017-03-27 13:58 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo1276132574.dll
2017-04-17 15:24 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo1477853436.dll
2017-04-10 13:49 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo1737804364.dll
2017-03-23 11:43 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo2049012612.dll
2017-03-20 23:48 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo2061716974.dll
2017-03-13 00:41 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo2136031421.dll
2017-03-17 13:45 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo2482580578.dll
2017-04-03 13:54 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo277183006.dll
2017-04-03 18:25 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3015244294.dll
2017-04-10 19:53 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3156559481.dll
2017-03-27 13:39 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3349349353.dll
2017-03-16 21:05 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3731401741.dll
2017-04-17 13:38 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3832511871.dll
2017-04-07 18:50 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3849030706.dll
2017-03-23 18:08 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo3930386772.dll
2017-03-20 23:48 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo4005414781.dll
2017-03-16 21:05 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo4211627271.dll
2017-04-07 14:19 - 2008-04-14 22:30 - 2091520 _____ (Microsoft Corporation) C:\Documents and Settings\Asad\Local Settings\Temp\cdo881419467.dll
2017-03-20 23:48 - 2017-03-20 23:48 - 0141666 _____ () C:\Documents and Settings\Asad\Local Settings\Temp\KB00117812.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2008-04-14 22:30] - [2008-04-14 22:30] - 0975872 ____A (Microsoft Corporation) 561A50497324F378E30F55D09B4E1258

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


#4 nasdaq

Posted 19 April 2017 - 08:21 AM

Firewall is disabled.
Turn ON your Windows Firewall.
https://support.microsoft.com/en-us/instantanswers/c9955ad9-1239-4cb2-988c-982f851617ed/turn-windows-firewall-on-or-off
===

Avast is also disabled. Take care of this also.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Documents and Settings\\Application Data\iconrdb.exe
HKLM\...\Run: [syshost32] => C:\WINDOWS\Installer\{771553A3-0805-5595-17D6-C844F776CDAA}\syshost.exe [205666 2017-04-05] ()
HKLM\...\Policies\Explorer\Run: [15020078] => C:\Documents and Settings\All Users\msqnrorro.exe [102339456 2008-04-14] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Client Server Runtime Process] => C:\Documents and Settings\\Application Data\csrss.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Documents and Settings\\Application Data\csrss.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Service Host Process for Windows] => C:\Documents and Settings\\Application Data\svchost.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Host-process Windows (Rundll3.exe)] => C:\Documents and Settings\\Application Data\svchost.exe [141666 2017-03-20] ()
HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [iconrdb] => C:\Documents and Settings\\Application Data\iconrdb.exe [5833056 2016-05-03] ()
Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\x.vbs [2017-04-18] ()
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1441190414&z=1d0d1c647263a77fa6e40eagezcz7g6g9t5e7o5bfo&from=cmi&uid=MaxtorX6Y080M0_Y281M10C
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1441190414&z=1d0d1c647263a77fa6e40eagezcz7g6g9t5e7o5bfo&from=cmi&uid=MaxtorX6Y080M0_Y281M10C"
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1441190881&z=7541d130f8abc9441d96066g6z2zag6gbtae0m5z4t&from=cmi&uid=MaxtorX6Y080M0_Y281M10C&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Asad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\\Application Data\iconrdb.exe
C:\WINDOWS\Installer\{771553A3-0805-5595-17D6-C844F776CDAA}
C:\Documents and Settings\All Users\msqnrorro.exe
C:\Documents and Settings\\Application Data\csrss.exe
C:\Documents and Settings\\Application Data\svchost.exe
C:\Documents and Settings\\Start Menu\Programs\Startup\x.vbs

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Please let me know what problem persists with this computer.

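The fixlist above is built on a few observations: csrss.exe and svchost.exe launched from a profile's Application Data folder instead of System32, executables with no publisher under Windows\Installer, and a script dropped in the Startup folder. As an added example (not part of this thread, FRST, or nasdaq's fix), the script below applies those same checks to FRST autostart lines; the sample lines are constructed from the fixlist above plus one benign entry, and the regular expression for FRST's line layout is an assumption.

```python
import re
from collections import namedtuple

# Names that malware on this machine borrowed from real Windows components.
SYSTEM_BINARIES = {"csrss.exe", "svchost.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "rundll32.exe", "userinit.exe", "explorer.exe"}
# Exact folders where the genuine copies live (explorer.exe lives in C:\WINDOWS).
SYSTEM_DIRS = {"c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\"}
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
SCRIPT_EXTS = (".vbs", ".js", ".bat", ".cmd", ".ps1")
# Assumed FRST layout: "<key>: [<name>] => <command> [<size date>] (<publisher>)"
ENTRY_RE = re.compile(
    r"^(?P<key>HK\w+\\.*?\\Run|Startup): (?:\[(?P<name>[^\]]*)\] => )?"
    r"(?P<cmd>.+?) \[(?P<meta>[^\]]*)\] \((?P<publisher>[^)]*)\)$")
Finding = namedtuple("Finding", "name path reasons")

def image_path(cmd):
    # Strip surrounding quotes and trailing arguments, keeping the executable path.
    cmd = cmd.strip()
    return cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd

def assess(line):
    """Return a Finding for one autostart line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = image_path(m["cmd"])
    folder, _, base = path.lower().rpartition("\\")
    folder += "\\"
    reasons = []
    if base in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        reasons.append("core Windows binary name, but not in a system directory")
    if not m["publisher"] and any(k in folder for k in PROFILE_MARKERS):
        reasons.append("no publisher and runs from a user profile directory")
    if not m["publisher"] and folder.startswith("c:\\windows\\installer\\"):
        reasons.append("no publisher and runs from the MSI cache directory")
    if m["key"] == "Startup" and base.endswith(SCRIPT_EXTS):
        reasons.append("script file in the Startup folder")
    return Finding(m["name"] or base, path, reasons)

def triage(lines):
    # Keep only entries with at least one reason, in log order.
    return [f for f in map(assess, lines) if f and f.reasons]

# Constructed sample: four lines from the fixlist above plus one benign entry.
SAMPLE_LOG = [
    r"HKLM\...\Run: [syshost32] => C:\WINDOWS\Installer\{771553A3-0805-5595-17D6-C844F776CDAA}\syshost.exe [205666 2017-04-05] ()",
    r"HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Client Server Runtime Process] => C:\Documents and Settings\\Application Data\csrss.exe [141666 2017-03-20] ()",
    r"HKU\S-1-5-21-1960408961-879983540-1417001333-1001\...\Run: [Service Host Process for Windows] => C:\Documents and Settings\\Application Data\svchost.exe [141666 2017-03-20] ()",
    r"Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\x.vbs [2017-04-18] ()",
    r'HKLM\...\Run: [AvastUI] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4567890 2015-12-10] (AVAST Software)',
]
```

Running `triage(SAMPLE_LOG)` flags the four entries nasdaq removed and leaves the signed Avast entry alone.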
#5 Ali_11

Posted 19 April 2017 - 09:12 AM

I want to confirm. Is this the location the Farbar tool is running from? > Running from C:\Documents and Settings\\My Documents\Downloads



#6 Ali_11

Posted 19 April 2017 - 09:33 AM

The problem is fixed. I have no words to define how thankful I am. You're doing a great job helping people. God bless you. THANX


#7 nasdaq

Posted 19 April 2017 - 09:35 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#8 Ali_11

Posted 20 April 2017 - 03:40 AM

Ok, Thanx