google search AVAST comes up with malicious virus
cepheus
Posts: 20,053 Forumite
Almost whatever search term I type into Google, AVAST flags a malicious virus warning, for several consecutive terms. I have run a full virus check today and switched my computer on and off, still continues. (System Windows 7 IE9)
AVAST network shield has blocked a harmful site
even if I type the word google into google it does
https://www.google.co.uk/search?hl=en&rlz=1I7GGHP_en-GB&q=google&oq=google&gs_l=serp.12..35i39l2j0l8.42659.127077.0.128451.13.6.7.0.0.0.187.705.3j3.6.0...0.0...1c.KcTLkOW_aIQ
am I being redirected somewhere? strange because the Google URL is still in front
avast! saved your computer from crashing
You just dodged a bullet
You may be wondering how you ended up with a virus, especially if you were visiting a ‘normal’ site. The latest research from the avast! Virus Lab shows that more than 80% of malware (viruses, spyware, and the like) spreads through legitimate websites, with only 1% coming from suspicious or ‘dodgy’ sites.
Comments
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by stephen at 17:26:35 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3891.2430 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\SysWOW64\cryptainersrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [shtbki] "C:\Windows\System32\rundll32.exe" "C:\Users\stephen\AppData\Roaming\shtbki.dll",RichCompareBool
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110620094923
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\0756475627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\244584F6D65684572623D223256305 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\C456967686021427D637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E013B8A-BE41-43B6-BEB6-85C6104005FD} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: Advertising Cookie Opt-out - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\aicv56t1.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ssoftnt4;ssoftnt4;\??\C:\Windows\system32\Drivers\ssoftnt4.sys --> C:\Windows\system32\Drivers\ssoftnt4.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-10 44808]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-3-4 1811456]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-4 2320920]
R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-28 20:37:37 416768 ----a-w- C:\Users\stephen\AppData\Roaming\shtbki.dll
2012-07-28 05:35:20 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0275FDA2-79F4-43FA-A590-264260EC2C76}\mpengine.dll
2012-07-11 22:07:31 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 07:57:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 07:57:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 07:57:58 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 07:57:58 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 07:57:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 07:57:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 07:57:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 07:57:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 07:57:56 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 07:57:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 07:57:56 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 07:57:56 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 07:57:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll
.
==================== Find3M ====================
.
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-21 16:00:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 16:00:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-04 22:07:37 0 ----a-w- C:\Windows\SysWow64\shoBB9A.tmp
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 w- C:\Windows\System32\MpSigStub.exe
2012-05-05 15:33:35 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 17:27:34.57 ===============
This is certainly suspicious:
uRun: [shtbki] "C:\Windows\System32\rundll32.exe" "C:\Users\stephen\AppData\Roaming\shtbki.dll",RichCompareBool
Install the free version of MBAM and run a quick scan. See if that gets it. If not we'll use another method.
http://helpdesk.malwarebytes.org/entries/20839693-where-can-i-download-the-latest-version-of-malwarebytes-anti-malware
http://helpdesk.malwarebytes.org/entries/20840058-how-do-i-install-malwarebytes-anti-malware
http://helpdesk.malwarebytes.org/entries/20863072-how-to-run-a-quick-scan
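The triage step in the reply above, spotting an autorun that uses rundll32.exe to load a DLL from the user's profile, can be automated over a DDS log. This is an added example, not part of the original thread or of DDS; the sample lines are copied from the log posted above, and the `USER_WRITABLE` and `PROXY_LOADERS` lists are illustrative assumptions rather than a complete rule set.

```python
import ntpath
import re

# Lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r'''
uRun: [shtbki] "C:\Windows\System32\rundll32.exe" "C:\Users\stephen\AppData\Roaming\shtbki.dll",RichCompareBool
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
2012-07-28 20:37:37 416768 ----a-w- C:\Users\stephen\AppData\Roaming\shtbki.dll
2012-07-11 22:07:31 3148800 ----a-w- C:\Windows\System32\win32k.sys
'''

# "uRun"/"mRun" are DDS's labels for the per-user and machine-wide Run keys.
RUN_RE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "Created Last 30" / "Find3M" file entries: timestamp, size, attributes, path.
FILE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$')
# Command-line tokens: either a quoted string or a run of non-space characters.
TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')
# Assumption: signed Windows binaries commonly used to run another file.
PROXY_LOADERS = {'rundll32.exe', 'regsvr32.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'}


def in_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def tokenize(cmd):
    # Unquoted paths containing spaces are split; DDS quotes them in practice.
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]


def triage(log_text):
    """Return autorun entries whose binary or loaded payload is user-writable."""
    created = {}
    autoruns = []
    for raw in log_text.splitlines():
        line = raw.strip()
        file_match = FILE_RE.match(line)
        if file_match:
            created[file_match['path'].lower()] = file_match['ts']
            continue
        run_match = RUN_RE.match(line)
        if run_match:
            autoruns.append(run_match)

    findings = []
    for entry in autoruns:
        args = tokenize(entry['cmd'])
        if not args:
            continue
        image, rest = args[0], args[1:]
        suspects = []
        if in_user_writable(image):
            suspects.append((image, 'autorun binary in user-writable path'))
        if ntpath.basename(image).lower() in PROXY_LOADERS:
            for arg in rest:
                target = arg.split(',')[0]  # drop a trailing ",ExportName"
                if DRIVE_RE.match(target) and in_user_writable(target):
                    suspects.append((target, 'payload loaded via ' + ntpath.basename(image)))
        for path, reason in suspects:
            findings.append({
                'hive': entry['hive'],
                'name': entry['name'],
                'path': path,
                'reason': reason,
                # Timestamp from the log's file listing, if the file appears there.
                'created': created.get(path.lower()),
            })
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample lines this reports only the shtbki entry, together with the creation time the log records for the DLL; the avast autoruns under Program Files are not flagged.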
waddler_8
Nothing on quick scan
Your desktop will disappear whilst it deletes temp files, it'll come back on reboot.
Download OTL from here and save it to your Desktop.
- Right click OTL.exe & choose "Run as Administrator" to start the program.
- Copy and Paste the following code into the textbox. Do not include the word Code:
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shtbki"=-
:Files
C:\Users\stephen\AppData\Roaming\shtbki.dll
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]
[EmptyTemp]
- Then click the Run Fix button at the top.
- Click
- OTL may ask to reboot the machine. Please do so if asked.
- The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Not sure if that worked properly since Windows encountered a problem and rebooted itself. It did come up with this on reboot though
Files\Folders moved on Reboot...
C:\Users\stephen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\stephen\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Are you still getting warnings from Avast?
Waddler
I think it is working OK now, but it was a bit intermittent before. I will post later to confirm. Thanks for this.
What was happening, hijack & redirection?
Should I remove that link in the first post?
Strange AVAST itself didn't pick it up, although it has just updated.
Yes, it looked as though you were being hijacked & redirected.
Click start > computer > Windows (C:) drive.
Look for the _OTL folder & click through MovedFiles etc until you reach the file: shtbki.dll
Once you know it's there, upload it to VirusTotal.
https://www.virustotal.com/ (Click on choose file > navigate to the file & scan it)
Post a link to the report here.
This discussion has been closed.