Hello,
You have multiple infections on board. Do not use any USB mem. device until I tell you so.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
File: C:\Program Files (x86)\Miller\Miller.exe
File: C:\Users\Jason\CTX.DAT
CloseProcesses:
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {0a329ad5-633c-11e2-9228-844bf55a9418} - J:\LaunchU3.exe
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {1c53d473-2d5d-11e2-8c69-844bf55a9418} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {84c25b09-f282-11e2-92d8-844bf55a9418} - J:\Setup.exe
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {84c25b23-f282-11e2-92d8-844bf55a9418} - J:\Setup.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
SearchScopes: HKCU - {0CA0591C-6F14-45A7-BF31-364A7FD9CFC5} URL =
SearchScopes: HKCU - {48F72CC2-85DC-4DB9-BD26-B1434B866662} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123487&q={searchTerms}
SearchScopes: HKCU - {5F49F591-A930-44AE-AA32-0C0582111F13} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN16044707834907199&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6960D5E7-2D30-4A45-AAA0-4CF8D4A23234}&mid=32d17f921e8447d0943b5502b3be7deb-0&lang=en&ds=qw011&pr=sa&d=2012-11-26 11:54:44&v=13.2.0.4&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {99129112-8952-491C-A552-1855154F8E32} URL =
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jason\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
CHR HKCU\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jason\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-06-13]
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jason\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-05]
Task: {0709AD6F-C2F4-46D3-9B97-A523106FDB0D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {6966CA4C-A809-49A3-AACD-C892278160D3} - System32\Tasks\4688 => Wscript.exe C:\Users\Jason\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
EmptyTemp:
C:\Program Files (x86)\Browsersafeguard
C:\Users\Jason\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
C:\Users\Jason\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx
C:\Program Files (x86)\MediaMall
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Download RogueKillerx64 from one of the following links and save it to your desktop:
http://www.adlice.com/softwares/roguekiller/
- Close all programs and disconnect any USB or external drives before running the tool.
- Double-click RogueKiller.exe to run the tool.
- Once the Prescan has finished, click Scan.
- Once the Status box shows “Scan Finished”, click the Delete button.
- When the Status box shows “Deleting Finished”, click the “Report” button to show the log.
- Copy and paste the report that opens into your next reply.
  - The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
  - For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
Then read this guide from here and perform the MCShield scanning:
https://forum.avast.com/index.php?topic=53253.0
Post me the AllScan.txt log report.
Re-run FRST, press the Scan button and post me the fresh FRST.txt log report.