MalwareBytes is finding Trojans nearly every day after I check my email…I am not doing anything stupid in my email opening. This is an old computer I use for photo editing, and it freezes, I scan, a Trojan is there. It’s mostly in the same Registry location…is it replicating itself there? Would deleting that registry key stop it? I don’t know how it is getting past my Avast Protection/firewall, etc.
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Can you attach the MBAM scan log?
One other scan to run (along with the FRST scan):
Please download Malwarebytes Anti-Rootkit from here
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe.
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.
OK, it’s taken me all day to get FRST to download and scan…finally done…and a few MBAM logs exported. Let me know if anything is missing, please. Thanks.
Did you scan with Malwarebytes’ Anti-Rootkit?
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Youtube Mp3 Converter
To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Yes, I did scan with MBAR, just forgot to attach that scan…will attach now with FRST fixlist.
Re the Desktop of the September discussion, I found that the network card is apparently destroyed, still can’t get it online, and also somehow, the name of my default printer has been changed, so that I could not print over my network. I would still like to have some answers to the original question of how these Trojans are getting past my Avast firewall/protection, and what I can do to prevent further damage to my equipment and data? And if you would please tell me what you are finding from my logs, it would be helpful to have them translated so that I can understand what is affecting my computer. Thank you for your assistance.
“I would still like to have some answers to the original question of how these Trojans are getting past my Avast firewall/protection”
No security program has 100% detection or zero false positives.
In your reply #3 you have attached the Malwarebytes protection log twice; please attach the Malwarebytes scan log so dbrisendine can see what is detected.
The Fixlist.txt you ran is NOT the one I provided to you. Where did it come from?
Not sure how I got the wrong fixlist attached, but am attaching what I hope is the right one…in my first post I attached a copy of the scan log, and am attaching the one I just did this morning. This trojan turns up in the same registry key over and over…does it clone itself there? and would it be harmful to delete that registry key?
Second time today: at 1:00pm Another scan result
Another note: on my Vista SP2 computer, first, there is no “Program Data” file on the C drive…second, in the Avast Software file, I have not been able to find a record of my boot scan results. Do you know where I might find that log?
Does the one on your primary system appear to be ghosted?
It likely is, it will be re-hidden. It’s a Windows Folder, don’t delete it!!
I will find the Avast! save location as soon as possible.
I can’t find anything concrete, but you might be able to locate it under “C:\ProgramData\Avast Software\Avast\Log”
or
“C:\ProgramData\Avast Software\Avast\report”
That’s the problem, in Vista SP2, there isn’t a Program Data File…I think I found it?? but there is only one scan on it, so where are all the rest…this is in the Program File, Avast Software, aswMBR…does that sound right? Attaching…see if this is what I’m looking for.
Thanks
PS, I don’t know if the registry file is ghosted…how would I tell?
Just scanned with MBAM again, 3rd time since this morning it is there again…
Is there an issue I am not understanding here? You posted the same Fixlog.txt log file twice now and did not say where you got the file from. Are you getting help from another source and / or working on two different systems or what?
Here are my instructions once again:
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Youtube Mp3 Converter
To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
No, I am not working with anyone else, or on another system. I have done everything you asked me to do, and the fixlog is from the FRST scan of 11/20 and the previous logs from the day before…11/19, the Additions and FRST scan. I didn’t realize I’d sent the fixlog twice, pardon my error. I am just hoping to find a way to stop this Trojan, which may have been the cause of the destruction of my Desktop computer, which I hope to rebuild this week, if I get the memory stick. I hope to prevent this laptop from being similarly destroyed…I need it.
Are you saying you want me to start all over with the FRST scans and logs? A complete re-do?
Don’t need a complete redo yet; just follow these steps and then we will go from there. Thanks.
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Youtube Mp3 Converter
To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\...\MountPoints2: {2ec08c1c-0914-11de-bdfb-001e339035d3} - F:\LaunchU3.exe -a
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\...\MountPoints2: {a58c71df-023d-11e3-b860-001e339035d3} - E:\menu.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1324741842&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
FF Homepage: hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1431382295&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=hxxps:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-01] (Freemake) [File not signed]
C:\ProgramData\Freemake
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-08-13] ()
C:\Windows\system32\drivers\hitmanpro37.sys
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
C:\Windows\system32\Drivers\secdrv.sys
2015-10-22 16:34 - 2015-09-24 15:37 - 00000000 ____D C:\Program Files\Freemake
2013-07-24 13:43 - 2013-07-24 13:43 - 0005101 _____ () C:\ProgramData\cyzlxojr.ycm
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{1D2680C9-0E2A-469D-B787-065558BC7D43}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{681EE9BC-D825-4A1D-BA73-A4C1C173C2DB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{7444C719-39BF-11D1-8CD9-00C04FC29D45}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{88C6C381-2E85-11D0-94DE-444553540000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{BD84B380-8CA2-1069-AB1D-08000948F534}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{D0A03AD0-F49C-4E01-9C1D-CA3B7B73B08E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{D3C25535-8D07-4A8E-B24F-B917CCD78A0F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{F5175861-2688-11D0-9C5E-00AA00A45957}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-930250783-1986003217-1596953152-1000_Classes\CLSID\{FF4FF418-2C5B-455E-B4E6-B530FABF04AF}\InprocServer32 -> no filepath
HKU\S-1-5-21-930250783-1986003217-1596953152-1000\Software\Classes\.exe: => <===== ATTENTION
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
NOTE: It’s important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post. Also, tell me how your system is running now.
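As an added example (not part of the thread and not FRST's own code): a read-only PowerShell audit of the per-user registry locations the fixlist above acts on, so the same spots can be rechecked after a fix without rerunning FRST. It assumes Windows PowerShell 5.1 or later and inspects the current user's hive (HKCU, which is the logged-on user's view of the HKU\S-1-5-21-... key named in the script); the function names are my own.

```powershell
# Added example, not from the thread or from FRST. Read-only: it lists, it never deletes.
# Assumes Windows PowerShell 5.1+ and the current user's hive (HKCU).

# 1. Per-user .exe file class. FRST marks "HKU\...\Software\Classes\.exe" with ATTENTION
#    because a per-user class for .exe can redirect how every program is launched for
#    that user; the real association normally lives only under HKLM\Software\Classes.
function Get-UserExeClassOverride {
    $key = 'HKCU:\Software\Classes\.exe'
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $default = (Get-ItemProperty -LiteralPath $key).'(default)'
    $subkeys = (Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue).PSChildName
    [pscustomobject]@{ Key = $key; Default = $default; Subkeys = ($subkeys -join ';') }
}

# 2. MountPoints2 autorun commands (removable-drive residue such as the
#    "{GUID} - F:\LaunchU3.exe -a" entries the fixlist removes).
function Get-MountPointAutoruns {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $base)) { return @() }
    Get-ChildItem -LiteralPath $base -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '\\shell\\AutoRun\\command$' } |
        ForEach-Object {
            [pscustomobject]@{
                Key     = $_.Name
                Command = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
            }
        }
}

# 3. Per-user COM classes whose InprocServer32 names no usable file ("-> no filepath"
#    in FRST output). Usually orphans, but a per-user CLSID that shadows a system one
#    is also a known hijack spot, so they are worth a look before deciding what to remove.
function Get-UserClsidWithoutServer {
    $base = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path -LiteralPath $base)) { return @() }
    Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue | ForEach-Object {
        $inproc = Join-Path -Path $_.PSPath -ChildPath 'InprocServer32'
        if (Test-Path -LiteralPath $inproc) {
            $server = [string](Get-ItemProperty -LiteralPath $inproc).'(default)'
            $file   = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
            # Test-Path rejects an empty string, so check for that first.
            if ($file -eq '' -or -not (Test-Path -LiteralPath $file)) {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
    }
}

# Run the three checks, print a short report and return the raw findings.
function Invoke-UserPersistenceAudit {
    $exe   = Get-UserExeClassOverride
    $auto  = @(Get-MountPointAutoruns)
    $clsid = @(Get-UserClsidWithoutServer)

    if ($exe) { Write-Host "[!] Per-user .exe class found: $($exe.Key) (default = '$($exe.Default)')" }
    else      { Write-Host '[ok] No per-user .exe class override.' }
    Write-Host "[i] MountPoints2 autorun commands: $($auto.Count)"
    $auto  | ForEach-Object { Write-Host "     $($_.Command)  <- $($_.Key)" }
    Write-Host "[i] Per-user CLSIDs with missing InprocServer32 file: $($clsid.Count)"
    $clsid | Select-Object -First 10 | ForEach-Object { Write-Host "     $($_.Clsid)  server='$($_.Server)'" }

    [pscustomobject]@{ ExeOverride = $exe; MountPointAutoruns = $auto; OrphanClsids = $clsid }
}

$null = Invoke-UserPersistenceAudit
```

Run it once before and once after a fix and compare the two reports; a per-user .exe class or a MountPoints2 command that comes back after cleanup points to something still active that rewrites it.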
All done, have been using private browsing on Firefox, feels safer (hope it is). And setting up sync just to see how the computer is performing, and to see if it freezes as usual…it didn’t…Thanks!
So I just ran MBAM scan, and am so disappointed to find the same Trojan there…this is 5-6 hrs after the fix.
Pictures are nice but in this case the complete log from Malwarebytes will help me nail this one.
Open Malwarebytes’ Anti-Malware.
Click on History.
Click on Application Logs.
Click on one of the Scan Logs.
Click on the Export (bottom left hand corner) and select Text file (*.txt).
Select a name that is easy to remember ( like MBAM_scan log.txt) and a location to save the file to. It is easiest to save this to the desktop.
Attach this file to a reply post here; this will have a detail of the Key path in the Registry. Thanks.
Ok, here is the log: