IE repeatedly stops working, security settings can't be changed

#1 TheBleepingDave
Posted 25 July 2015 - 10:54 PM

PC is on a network (wired, not wireless) with working broadband Internet connection.

Internet Explorer 9 (Vista) repeatedly stops working after bringing up the home page. Pop-ups say, "A problem caused the program to stop working". A Windows popup "looks for a solution" without success.

Security Essentials cannot complete update download.

Windows Firewall can't be turned on, "Due to an unidentified problem Windows cannot display Windows Firewall".

Windows update won't update.

"Problem Reports & Solutions" not working.

Microsoft "Help and Support" stops working.

Spybot Search & Destroy finds no issues.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015

Ran by Long (administrator) on LONG-PC (25-07-2015 22:30:02)
Running from J:\
Loaded Profiles: Long & UpdatusUser (Available Profiles: Long & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Capital Intellect, Inc.) C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe
(Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4431872 2007-04-10] (Realtek Semiconductor)
HKLM\...\Run: [PinnacleDriverCheck] => C:\Windows\system32\PSDrvCheck.exe [393216 2003-02-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2007-04-17] (soft thinks)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\...\Run: [BFHP] => C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe [415744 2015-05-21] (Capital Intellect, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk [2007-09-10]
ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000 -> DefaultScope {70A2F7F6-964D-47A8-B747-3C282C8AACEC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
SearchScopes: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000 -> {00B1988E-613F-4BC4-8270-CFA90B4BE213} URL = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000 -> {EE94FF6F-3993-478B-863E-4616CE174C61} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2AE69751-CB0C-4491-A655-C2ADE011BBF4}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-04-23] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07]
CHR Extension: (Google Drive) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (YouTube) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
CHR Extension: (Google Search) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07]
CHR Extension: (Gmail) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-17] (WildTangent)
S3 GamesAppService; C:\Program Files\WildTangent Games\App\GamesAppService.exe [197632 2014-04-23] (WildTangent, Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2007-05-21] (New Boundary Technologies, Inc.) [File not signed]
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [44288 2005-09-07] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [24960 2005-09-07] (Sonic Solutions) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-19] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S1 bdjszpmh; \??\C:\Windows\system32\drivers\bdjszpmh.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 btkrjgpq; \??\C:\Windows\system32\drivers\btkrjgpq.sys [X]
S1 cbrxoklt; \??\C:\Windows\system32\drivers\cbrxoklt.sys [X]
S1 Cdrdrv; \??\C:\Windows\system32\Drivers\Cdrdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 vobiw; \??\C:\Windows\system32\Drivers\vobIW.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 22:29 - 2015-07-25 22:30 - 00000000 ____D C:\FRST
2015-07-25 21:02 - 2015-07-25 22:29 - 00001399 _____ C:\Windows\setupact.log
2015-07-25 21:02 - 2015-07-25 21:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
2015-07-21 20:26 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 20:26 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 23:31 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 23:31 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 23:30 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 23:30 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 23:30 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 23:26 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 23:25 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 23:25 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 23:25 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 23:25 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 23:25 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 23:25 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 23:25 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 23:25 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:21 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 10:21 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 10:21 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 10:21 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 10:21 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 10:21 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 10:21 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 10:21 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 10:21 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 10:21 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 10:21 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 10:21 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 10:21 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-15 09:26 - 2015-07-15 09:26 - 18009776 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 22:25 - 2014-09-25 09:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 22:25 - 2014-04-23 09:51 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 22:02 - 2014-05-03 13:09 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 22:01 - 2015-01-04 19:16 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-25 22:01 - 2014-06-21 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-25 22:01 - 2014-05-03 13:07 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-25 21:59 - 2007-05-21 13:33 - 01191646 _____ C:\Windows\WindowsUpdate.log
2015-07-25 21:15 - 2014-04-23 09:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 21:15 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 21:15 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 21:15 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 21:09 - 2006-11-02 09:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-25 20:35 - 2006-11-02 06:33 - 00763538 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-23 17:12 - 2009-07-01 09:45 - 00002569 _____ C:\Users\Long\Desktop\Word 2003.lnk
2015-07-23 16:20 - 2010-03-01 17:51 - 00000000 ___RD C:\Users\Long\Desktop\Maintenance
2015-07-23 15:26 - 2007-09-10 16:44 - 00000000 ____D C:\Games.win
2015-07-22 08:33 - 2006-11-02 08:47 - 00387584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 11:31 - 2008-04-30 10:39 - 00000000 ____D C:\ProgramData\TEMP
2015-07-21 11:30 - 2007-09-10 18:03 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-07-17 17:01 - 2007-05-21 14:21 - 00231026 _____ C:\Windows\PFRO.log
2015-07-17 12:17 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\schemas
2015-07-17 12:17 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\MSAgent
2015-07-16 23:37 - 2013-08-03 15:41 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 23:29 - 2007-05-21 13:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 09:26 - 2014-05-07 12:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 09:26 - 2014-05-07 12:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 17:07 - 2014-05-16 10:18 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-14 17:07 - 2008-03-01 15:29 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-05 06:11 - 2010-11-20 19:40 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:49 - 2006-11-02 06:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2007-09-27 17:00 - 2007-12-25 11:14 - 0000106 _____ () C:\Users\Long\AppData\Roaming\wklnhst.dat
2012-02-22 11:57 - 2013-12-13 12:40 - 0000680 _____ () C:\Users\Long\AppData\Local\d3d9caps.dat
2007-09-17 14:46 - 2008-05-02 23:25 - 0011776 _____ () C:\Users\Long\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-24 11:35 - 2011-02-24 11:35 - 0004096 ____H () C:\Users\Long\AppData\Local\keyfile3.drm
2014-06-21 15:24 - 2014-06-21 15:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-03-03 20:17 - 2011-06-09 10:12 - 0034800 _____ () C:\ProgramData\nvModes.001
2010-03-03 20:16 - 2011-06-09 10:12 - 0034800 _____ () C:\ProgramData\nvModes.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-25 21:21
 
==================== End of log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
Ran by Long at 2015-07-25 22:30:50
Running from J:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1577918815-1314817441-1826117435-500 - Administrator - Disabled)
Guest (S-1-5-21-1577918815-1314817441-1826117435-501 - Limited - Disabled)
Long (S-1-5-21-1577918815-1314817441-1826117435-1000 - Administrator - Enabled) => C:\Users\Long
UpdatusUser (S-1-5-21-1577918815-1314817441-1826117435-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2011 (Version: 10.0.2634 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (Version: WT021906 - WildTangent) Hidden
Bejeweled 2 Deluxe 1.1 (HKLM\...\Bejeweled 2 Deluxe 1.1) (Version: 1.1 - PopCap Games)
Bejeweled 3 (Version: 2.2.0.95 - WildTangent) Hidden
BigFix (HKLM\...\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}) (Version: 2.1.1.03 - BigFix)
Blackhawk Striker 2 (Version: WT021907 - WildTangent) Hidden
Blasterball 3 (Version: WT021908 - WildTangent) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cash Back Assistant (HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\...\{644CF48B-61FE-43E4-8B2E-7EAE916B49C4}_is1) (Version: 2013.3.19.3 - BeFrugal.com)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.03.01 - AlcorMicro)
Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden
Diner Dash - Flo on the Go (Version: WT021909 - WildTangent) Hidden
eMachines Connect (HKLM\...\{DF86A72C-4585-4D75-B592-968C8C6604A1}) (Version: 1.1.0 - Acceller)
eMachines Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.025 - eMachines)
Family Feud 2 (Version: WT021910 - WildTangent) Hidden
FATE (Version: WT021681 - WildTangent) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Linkit_eBay (HKLM\...\{91B3BEC8-748B-4912-82ED-29D38E140B2A}) (Version: 1.0.0 - Gateway)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ActiveX Control Pad (HKLM\...\ActiveXControlPad) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.7.3.3 - Napster)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Penguins! (Version: WT021912 - WildTangent) Hidden
Polar Bowler (Version: WT021913 - WildTangent) Hidden
Polar Golfer (Version: WT021914 - WildTangent) Hidden
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PrintKey2000 (HKLM\...\PrintKey2000) (Version:  - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5397 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tradewinds (Version: WT022435 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Version: 4.0.11.9 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000_Classes\CLSID\{F8534A9F-4F29-4FDC-9CD9-023ACF0EF9B9}\InprocServer32 -> C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFNB.dll (Capital Intellect, Inc.)
 
==================== Restore Points =========================
 
22-07-2015 09:11:32 Scheduled Checkpoint
23-07-2015 10:52:41 Scheduled Checkpoint
25-07-2015 20:48:53 Windows Update
25-07-2015 21:02:15 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2007-01-03 02:30 - 00451037 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CB6ECE0-E0BA-4E08-B514-DCB26FDB356F} - System32\Tasks\{359F51D9-294D-4CE1-8640-2DDE1055DE08} => pcalua.exe -a J:\Browser\SETUPPAD.EXE -d J:\Browser
Task: {0CD84C83-6B39-48C7-8129-A58E8004B340} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {147DFA1F-2619-4F29-B64B-C52BD5AE3136} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File <==== ATTENTION
Task: {4B8E8865-B712-4E4A-9A7C-2BCF10690021} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {4F6DAB82-DC9A-47E9-A23D-B67F0EC9825C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {690345D9-F99F-46B7-A787-64F179FB4FF6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Long => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6DE52003-7561-44C1-B6AC-B3EB1440E1D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {D0EC032D-8E73-4217-BCF7-045DFAB194CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {F8F107FD-8B17-4E12-8BEA-7642D8D5CD57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exeEC:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3BeFrugal.com
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 11926 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1577918815-1314817441-1826117435-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2015 09:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0xe18, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:34:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0xeac, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:34:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0x450, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0x9f0, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:30:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0x610, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0x920, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:17:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16669, time stamp 0x5580c8aa, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000005, fault offset 0x0004782f,
process id 0xa40, application start time 0xiexplore.exe0.
 
Error: (07/25/2015 09:02:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
 
System Error:
Access is denied.
 
Error: (07/25/2015 09:02:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
 
System Error:
Access is denied.
 
Error: (07/25/2015 08:48:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
 
System Error:
Access is denied.
 
 
System errors:
=============
Error: (07/25/2015 09:58:16 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Long-PC60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %Long-PC51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %Long-PC602
 
Update Type: %Long-PC604
 
User: Long-PC\Long
 
Current Engine Version: %Long-PC605
 
Previous Engine Version: %Long-PC606
 
Error code: %Long-PC607
 
Error description: %Long-PC608
 
Error: (07/25/2015 09:58:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network InspectionMicrosoft Network Inspection System%%1075
 
Error: (07/25/2015 09:58:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Microsoft Network Inspection SystemBFE
 
Error: (07/25/2015 09:58:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Long-PC60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %Long-PC15
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %Long-PC602
 
Update Type: %Long-PC604
 
User: Long-PC\Long
 
Current Engine Version: %Long-PC605
 
Previous Engine Version: %Long-PC606
 
Error code: %Long-PC607
 
Error description: %Long-PC608
 
Error: (07/25/2015 09:52:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Long-PC60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %Long-PC51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %Long-PC602
 
Update Type: %Long-PC604
 
User: Long-PC\Long
 
Current Engine Version: %Long-PC605
 
Previous Engine Version: %Long-PC606
 
Error code: %Long-PC607
 
Error description: %Long-PC608
 
Error: (07/25/2015 09:52:48 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Long-PC60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %Long-PC15
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %Long-PC602
 
Update Type: %Long-PC604
 
User: Long-PC\Long
 
Current Engine Version: %Long-PC605
 
Previous Engine Version: %Long-PC606
 
Error code: %Long-PC607
 
Error description: %Long-PC608
 
Error: (07/25/2015 09:52:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network InspectionMicrosoft Network Inspection System%%1075
 
Error: (07/25/2015 09:52:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Microsoft Network Inspection SystemBFE
 
Error: (07/25/2015 09:47:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.203.500.0){A22CF570-0F2A-411D-AA2F-59189DC61A41}201
 
Error: (07/25/2015 09:46:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Long-PC60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %Long-PC51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %Long-PC602
 
Update Type: %Long-PC604
 
User: Long-PC\Long
 
Current Engine Version: %Long-PC605
 
Previous Engine Version: %Long-PC606
 
Error code: %Long-PC607
 
Error description: %Long-PC608
 
 
Microsoft Office:
=========================
 
CodeIntegrity Error:
===================================
  Date: 2015-07-25 22:30:18.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:30:18.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:30:17.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:30:16.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:22:53.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:22:52.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:22:51.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:22:50.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:22:49.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-25 22:22:48.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of memory in use: 47%
Total physical RAM: 1917.76 MB
Available physical RAM: 1014.39 MB
Total Virtual: 4079.97 MB
Available Virtual: 3127.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.45 GB) (Free:170.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.43 GB) (Free:4.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (EOS_DIGITAL) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C297FC9B)
Partition 1: (Not Active) - (Size=9.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=223.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 982.5 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 July 2015 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

Capital Intellect, Inc.) C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\...\Run: [BFHP] => C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe [415744 2015-05-21] (Capital Intellect, Inc.)
S1 bdjszpmh; \??\C:\Windows\system32\drivers\bdjszpmh.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 btkrjgpq; \??\C:\Windows\system32\drivers\btkrjgpq.sys [X]
S1 cbrxoklt; \??\C:\Windows\system32\drivers\cbrxoklt.sys [X]
S1 Cdrdrv; \??\C:\Windows\system32\Drivers\Cdrdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 vobiw; \??\C:\Windows\system32\Drivers\vobIW.sys [X]
Task: {147DFA1F-2619-4F29-B64B-C52BD5AE3136} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exeEC:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3BeFrugal.com
C:\Users\Long\AppData\Local\Programs\BeFrugal.com
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know what problem persists.

#3 TheBleepingDave

TheBleepingDave
  • Topic Starter

  • Members
  • 4 posts

Posted 28 July 2015 - 04:18 PM

Thanks for your help.

Internet Explorer seems to be working normally.

Still cannot enable Windows Firewall or Windows Defender.

Security Essentials will still not complete an update.

Here is the fixlog text:

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
Ran by Long at 2015-07-27 19:20:48 Run:1
Running from J:\
Loaded Profiles: Long & UpdatusUser (Available Profiles: Long & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:

Capital Intellect, Inc.) C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1577918815-1314817441-1826117435-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\...\Run: [BFHP] => C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe [415744 2015-05-21] (Capital Intellect, Inc.)
S1 bdjszpmh; \??\C:\Windows\system32\drivers\bdjszpmh.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 btkrjgpq; \??\C:\Windows\system32\drivers\btkrjgpq.sys [X]
S1 cbrxoklt; \??\C:\Windows\system32\drivers\cbrxoklt.sys [X]
S1 Cdrdrv;
\??\C:\Windows\system32\Drivers\Cdrdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 vobiw; \??\C:\Windows\system32\Drivers\vobIW.sys [X]
Task: {147DFA1F-2619-4F29-B64B-C52BD5AE3136} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\BeFrugal.com Toolbar.job => C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exeEC:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3BeFrugal.com
C:\Users\Long\AppData\Local\Programs\BeFrugal.com
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

End
*****************

Processes closed successfully.
Capital Intellect, Inc.) C:\Users\Long\AppData\Local\Programs\BeFrugal.com\Add-On\2013.3.19.3\BFHP.exe => Error: No automatic fix found for this entry.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
HKU\S-1-5-21-1577918815-1314817441-1826117435-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BFHP => value removed successfully.
bdjszpmh => service removed successfully.
blbdrive => service removed successfully.
btkrjgpq => service removed successfully.
cbrxoklt => service removed successfully.
Cdrdrv => service removed successfully.
\??\C:\Windows\system32\Drivers\Cdrdrv.sys [X] => Error: No automatic fix found for this entry.
IpInIp => service removed successfully.
Lavasoft Kernexplorer => service removed successfully.
Lbd => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
vobiw => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{147DFA1F-2619-4F29-B64B-C52BD5AE3136}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{147DFA1F-2619-4F29-B64B-C52BD5AE3136}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B02EF0B-A410-4938-8480-9BA26420A627}" => key removed successfully.
C:\Windows\Tasks\BeFrugal.com Toolbar.job => moved successfully.
C:\Users\Long\AppData\Local\Programs\BeFrugal.com => moved successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully..
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully..
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully..
EmptyTemp: => 907.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:24:08 ====

 

 

 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 July 2015 - 07:47 AM

The AVG Anti-Virus Free Edition 2011 is disabling Windows Defender.
The two cannot both be running at the same time.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes or OK when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Copy and paste the contents of FSS.txt into your reply.

#5 TheBleepingDave

TheBleepingDave
  • Topic Starter

  • Members
  • 4 posts

Posted 29 July 2015 - 03:31 PM

Farbar Service Scanner Version: 26-07-2015
Ran by Long (administrator) on 29-07-2015 at 16:30:04
Running from "C:\Users\Long\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****



#6 nasdaq

  • Malware Response Team
  • 39,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 July 2015 - 08:55 AM

Before proceeding please create a Restore point.
Follow the instructions on this page.
http://bertk.mvps.org/html/createrpv.html
<<<>>>

Create a new folder on your Desktop. Name it My_Fix

When completed Go to
http://download.bleepingcomputer.com/win-services/vista/

Download the following files and place them in the new folder.


LEGACY_MPSDRV.reg
mpsdrv.reg
MpsSvc.reg
BFE.reg
wscsvc.reg
WinDefend.reg
iphlpsvc.reg
SharedAccess.reg


I have attached a file named start_services.bat.
Download the file and place it also in the newly created folder.

When all are downloaded, double click on each of the .reg files and accept "Merge the registry".

===

Click the following keys simultaneously (Windows key + R) this will open the Run box.

Type Regedit in the box and click the OK button.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE <- this key.
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in the "Permissions" pane, checkmark "Allow" in the "Full control" row.
Click OK.

Exit the Editor.

===

Now run the start_services.bat
Right click on it, click "Run As Administrator" to run the fix.
A black Command Prompt window will pop up for a split second and then disappear. That's normal.

Restart the computer normally to reset the registry.

===

Please run the Farbar's Service Scanner utility and post a fresh log for my review.

Let me know what problem persists.
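As an added example (not part of nasdaq's reply, the attached batch file, or the .reg files linked above), the PowerShell script below performs the same checks the Farbar Service Scanner log reports for the affected services, so the result can be compared before the .reg files are merged and again after the restart. The service names are taken from the log and from the .reg file names in the reply; the script changes nothing.

```powershell
# Added example (not part of the thread): check the service registry keys that the
# Farbar Service Scanner log above reports as missing, so the result can be compared
# before and after the .reg files are merged and the machine is restarted.
# Run from an elevated PowerShell prompt. The service names are taken from the log
# and from the .reg file names in the reply above; nothing is changed by this script.
$ServiceNames = @('BFE', 'MpsSvc', 'mpsdrv', 'wscsvc', 'WinDefend', 'iphlpsvc', 'SharedAccess')
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceKeyStatus {
    # Mirrors what the scanner checks: key present, Start type, ImagePath, ServiceDll.
    param([string]$Name)
    $keyPath   = Join-Path $ServicesRoot $Name
    $keyExists = Test-Path $keyPath
    $start = $null; $imagePath = $null; $serviceDll = $null; $state = 'n/a'
    if ($keyExists) {
        $props      = Get-ItemProperty -Path $keyPath
        $start      = $props.Start
        $imagePath  = $props.ImagePath
        $paramsPath = Join-Path $keyPath 'Parameters'
        if (Test-Path $paramsPath) {
            $serviceDll = (Get-ItemProperty -Path $paramsPath).ServiceDll
        }
        # Get-Service only lists Win32 services, so a kernel driver such as mpsdrv stays 'n/a'.
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($svc) { $state = $svc.Status }
    }
    New-Object PSObject -Property @{
        Service = $Name; KeyExists = $keyExists; Start = $start
        ImagePath = $imagePath; ServiceDll = $serviceDll; State = $state
    }
}

$ServiceNames |
    ForEach-Object { Get-ServiceKeyStatus -Name $_ } |
    Select-Object Service, KeyExists, Start, ImagePath, ServiceDll, State |
    Format-Table -AutoSize

# The "DisableAntiSpyware"=DWORD:1 policy value shown in the log.
$defender = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' `
    -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($defender -and $defender.DisableAntiSpyware -eq 1) {
    Write-Warning 'DisableAntiSpyware=1 is still set: Windows Defender is disabled by policy.'
}

# Who holds Full Control on the BFE key. The reply grants this to Everyone so the
# batch file can start the service; after the repair, any broad grant left here
# is worth reviewing.
$bfePath = Join-Path $ServicesRoot 'BFE'
if (Test-Path $bfePath) {
    (Get-Acl -Path $bfePath).Access |
        Where-Object { $_.RegistryRights -match 'FullControl' } |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}
```

Run it once before merging the .reg files and once after the restart: the KeyExists column should change from False to True for every name in the list, State should read Running for the Win32 services once start_services.bat has run, and the Defender warning should disappear only if the DisableAntiSpyware policy value is also removed.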

#7 TheBleepingDave
  • Topic Starter
  • Members
  • 4 posts

Posted 30 July 2015 - 04:51 PM

I created the Restore Point and downloaded the .reg files but I don't see an attached file named "start_services.bat".


Thanks.


Edited by TheBleepingDave, 30 July 2015 - 07:25 PM.


#8 nasdaq

  • Malware Response Team
  • 39,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 July 2015 - 06:40 AM

My bad. I did not attach it.

Here it is.

Attached Files



#9 nasdaq

  • Malware Response Team
  • 39,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 August 2015 - 08:30 AM

Are you still with me?

#10 nasdaq

  • Malware Response Team
  • 39,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2015 - 09:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



