Network adaptor and Windows Defender disabled
20 replies to this topic

#1 Simonster

Simonster

  • Members
  • 13 posts

Posted 28 August 2015 - 09:50 PM

I am having a problem which appears to have disabled my network adapter and Windows Defender, and I would appreciate any help please.

Many thanks,

Simon


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by Simon (administrator) on SIMON1 (28-08-2015 20:51:30)
Running from F:\Antivirus stuff
Loaded Profiles: Simon (Available Profiles: Simon)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) Language: Spanish (Spain, International Sort)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Starfield Technologies) C:\Users\Simon\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\Simon\AppData\Local\Workspace\wben.exe
(Starfield Technologies) C:\Users\Simon\AppData\Local\Workspace\workspacestatus.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NeroCheck] => C:\Windows\SysWOW64\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [cdloader] => C:\Users\Simon\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Starfield Updater] => C:\Users\Simon\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-07-04] (Starfield Technologies)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [wben] => C:\Users\Simon\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Workspace Status] => C:\Users\Simon\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-25] (Starfield Technologies)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-27]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-01-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-01-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-07-04] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-07-04] (Starfield Technologies, LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-36399904-4135691361-341567915-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> DefaultScope {7B32C477-9F21-4821-A1F1-C6CACA3A5E9C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> {7B32C477-9F21-4821-A1F1-C6CACA3A5E9C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E4776B6D-8771-40B0-918B-58D5BB03445D}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-02] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/off -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npoff.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/off64 -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/wbe -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/wbe64 -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npoff.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npoff64.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npwbe.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npwbe64.dll [2013-07-04] (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-07-04]
FF Extension: Workspace Email Zoom - C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-24]
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-24]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-24]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-24]
CHR Extension: (GamingWonderland) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic [2014-11-29]
CHR Extension: (Undeaddies) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni [2014-11-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76912 2011-03-22] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 20:51 - 2015-08-28 20:51 - 00000000 ____D C:\FRST
2015-08-28 20:48 - 2015-08-28 20:48 - 00004693 _____ C:\Users\Simon\Desktop\attach.txt
2015-08-28 20:48 - 2015-08-28 20:46 - 00016590 _____ C:\Users\Simon\Desktop\dds.txt
2015-08-18 23:53 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-18 23:53 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-18 23:53 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-18 23:53 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 23:53 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-18 23:53 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 23:23 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:23 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:23 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 23:23 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 23:22 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 23:22 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 23:21 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 23:21 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 23:21 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 23:21 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 23:19 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 23:19 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 23:19 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 23:19 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 23:18 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 23:18 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 23:18 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 23:18 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-11 23:18 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 23:18 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 23:18 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-11 23:18 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 23:11 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 23:11 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-11 23:11 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 23:11 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 23:11 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 23:11 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-11 23:11 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-11 23:11 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 23:11 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 23:11 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 23:11 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-11 23:11 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-11 23:11 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 23:11 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 23:11 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-11 23:11 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 23:11 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 20:33 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 20:33 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 20:33 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 20:33 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 20:33 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 20:33 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 20:33 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 20:33 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-11 20:33 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-11 20:33 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 20:33 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 20:33 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 20:33 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 20:33 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 20:33 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 20:33 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 20:33 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-11 20:33 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 20:33 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-11 20:33 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-11 20:33 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00872528 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00681552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 20:45 - 2013-01-24 11:35 - 00000200 _____ C:\service.log
2015-08-28 20:39 - 2008-01-20 20:53 - 01052289 _____ C:\Windows\WindowsUpdate.log
2015-08-28 20:36 - 2013-01-24 12:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 20:36 - 2013-01-24 12:27 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-08-28 20:36 - 2006-11-02 10:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 20:36 - 2006-11-02 10:21 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 20:36 - 2006-11-02 10:21 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 20:20 - 2006-11-02 10:40 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-28 20:09 - 2013-01-24 12:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 19:59 - 2013-02-05 19:07 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
2015-08-28 19:20 - 2013-01-29 10:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\mjusbsp
2015-08-28 19:19 - 2013-01-29 10:26 - 00000897 _____ C:\Users\Simon\Desktop\magicJack.lnk
2015-08-28 19:19 - 2013-01-29 10:26 - 00000883 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-08-28 14:44 - 2013-01-29 08:18 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E4FB1B0-1709-4C12-A3D9-032DA3A7BCAF}
2015-08-28 07:47 - 2013-01-27 20:08 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2015-08-27 10:11 - 2013-02-05 20:23 - 00001456 _____ C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-22 23:11 - 2013-01-24 12:44 - 00002023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 07:39 - 2006-11-02 10:21 - 05136584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 07:36 - 2006-11-02 10:06 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-11 23:25 - 2013-01-24 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 23:24 - 2013-01-24 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-11 23:18 - 2013-08-14 21:39 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 23:12 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2015-07-06 17:01 - 2015-07-06 17:13 - 0000132 _____ () C:\Users\Simon\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-03-12 12:12 - 2013-03-12 12:12 - 0000132 _____ () C:\Users\Simon\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-03-15 18:03 - 2015-03-16 00:18 - 0000408 _____ () C:\Users\Simon\AppData\Roaming\burnaware.ini
2013-02-05 20:23 - 2015-08-27 10:11 - 0001456 _____ () C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-01-24 10:54 - 2013-01-24 11:55 - 0000732 _____ () C:\Users\Simon\AppData\Local\d3d9caps64.dat
2013-02-08 20:46 - 2015-03-15 17:35 - 0006144 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-24 11:36 - 2013-01-24 11:43 - 0201386 _____ () C:\Users\Simon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-01-24 11:36 - 2013-01-24 11:36 - 0000002 _____ () C:\Users\Simon\AppData\Local\dd_dotnetfx35error.txt
2013-01-24 11:36 - 2013-01-24 11:47 - 0190696 _____ () C:\Users\Simon\AppData\Local\dd_dotnetfx35install.txt
2013-01-24 11:46 - 2013-01-24 11:46 - 2484324 _____ () C:\Users\Simon\AppData\Local\dd_NET_Framework35_x64_MSI1BE8.txt
2014-06-15 08:14 - 2014-06-15 08:15 - 0429538 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI379B.txt
2013-02-05 20:12 - 2013-02-05 20:13 - 0436844 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI495A.txt
2013-02-05 20:13 - 2013-02-05 20:14 - 0432130 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI49F0.txt
2014-06-15 08:14 - 2014-06-15 08:15 - 0012468 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI379B.txt
2013-02-05 20:12 - 2013-02-05 20:13 - 0011662 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI495A.txt
2013-02-05 20:13 - 2013-02-05 20:14 - 0011598 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI49F0.txt
2013-01-24 11:36 - 2013-01-24 11:47 - 0002772 _____ () C:\Users\Simon\AppData\Local\uxeventlog.txt
 
Some files in TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\AcDeltree.exe
C:\Users\Simon\AppData\Local\Temp\BackupSetup.exe
C:\Users\Simon\AppData\Local\Temp\borlndlm.dll
C:\Users\Simon\AppData\Local\Temp\DPInstx64.exe
C:\Users\Simon\AppData\Local\Temp\DPInstx86.exe
C:\Users\Simon\AppData\Local\Temp\DPInst_Monx64.exe
C:\Users\Simon\AppData\Local\Temp\DPInst_Monx86.exe
C:\Users\Simon\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Simon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Simon\AppData\Local\Temp\mpam-705cc83b.exe
C:\Users\Simon\AppData\Local\Temp\mpam-ad48c219.exe
C:\Users\Simon\AppData\Local\Temp\namebench.exe
C:\Users\Simon\AppData\Local\Temp\OS_Detect.exe
C:\Users\Simon\AppData\Local\Temp\python27.dll
C:\Users\Simon\AppData\Local\Temp\tcl85.dll
C:\Users\Simon\AppData\Local\Temp\tk85.dll
C:\Users\Simon\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Simon\AppData\Local\Temp\{FA5E0421-2C93-47E4-BA0A-FDE4935A7181}-38.0.2125.104_chrome_installer.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 20:42
 
==================== End of FRST.txt ============================

 


#2 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 August 2015 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [AdobeBridge] => [X]
CHR Extension: (GamingWonderland) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic [2014-11-29]
CHR Extension: (Undeaddies) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni [2014-11-08]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni
C:\Program Files (x86)\MyPC Backup

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is the computer running now?
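The fixlist above is assembled from FRST log lines that FRST itself annotated: [X] where the registry or service entry points at a file that no longer exists, <==== ATTENTION where FRST's own heuristics fired, and [File not signed] for unsigned binaries. As an added example (not part of nasdaq's post and not FRST's own code), this Python triage parser reads Run and service lines in that format and lists the annotated entries a helper would look at first; the sample log is constructed from lines of the shape posted in this thread, and the R/S and start-type meaning of the service prefix is the FRST convention as commonly documented.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample modelled on the FRST output posted in this thread;
# it is not one of the real logs from the thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe"

==================== Services (Whitelisted) ========================

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
"""

# "==================== Section name ====" headers (a line of only '=' is not a header).
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=].*?)\s*=+$")
# HKLM\...\Run: [Name] => payload   /   HKU\S-1-5-...\...\Run: [Name] => payload
RUN_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$"
)
# R2 Name; payload   -- R/S = running/stopped, digit = start type (2 auto, 3 manual, 4 disabled)
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]+); (?P<rest>.+)$")
# Payload = path followed by optional annotations, in the order FRST prints them:
# [size date] (Company) [File not signed] [X] <==== ATTENTION
REST_RE = re.compile(
    r"^(?P<path>.*?)"
    r"(?:\s*\[\d+ \d{4}-\d{2}-\d{2}\])?"
    r"(?:\s*\([^()]*\))?"
    r"(?:\s*\[File not signed\])?"
    r"(?:\s*\[X\])?"
    r"(?:\s*<==== ATTENTION)?$"
)


@dataclass
class Entry:
    section: str
    kind: str                       # "run" (autostart value) or "service"
    name: str
    path: Optional[str]             # None when the entry points at nothing ("=> [X]")
    state: Optional[str] = None     # services only, e.g. "S2"
    flags: Set[str] = field(default_factory=set)


def _flags(rest: str) -> Set[str]:
    """Translate FRST's inline annotations into triage flags."""
    flags: Set[str] = set()
    if "[X]" in rest:
        flags.add("file missing")        # orphaned entry: the binary is gone but the hook remains
    if "<==== ATTENTION" in rest:
        flags.add("flagged by FRST")     # FRST's own heuristic marker
    if "[File not signed]" in rest:
        flags.add("unsigned")            # not malicious by itself (e.g. HP printer DLLs)
    return flags


def _path(rest: str) -> Optional[str]:
    """Strip FRST's trailing annotations and surrounding quotes from the payload."""
    m = REST_RE.match(rest)
    path = (m.group("path") if m else rest).strip().strip('"')
    return path or None


def parse_frst(text: str) -> List[Entry]:
    """Parse Run and service lines from FRST.txt-style text, tracking the current section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest")
            entries.append(Entry(section, "run", m.group("name"), _path(rest), None, _flags(rest)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            entries.append(Entry(section, "service", m.group("name"), _path(rest),
                                 m.group("state"), _flags(rest)))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Entries carrying any FRST annotation: the ones a helper reviews first."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_frst(SAMPLE_FRST)):
        print(f"[{e.section}] {e.kind:7} {e.name!r:32} {e.path} -> {', '.join(sorted(e.flags))}")
```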

#3 Simonster

  • Topic Starter
  • Members
  • 13 posts

Posted 05 September 2015 - 09:53 AM

Sorry for the delay in responding - without my own computer I must wait in line behind my wife who has various commitments, but it has been a holiday of sorts.  Thank you for this, I will run it through today and revert, and I do appreciate you taking time to share your knowledge and abilities,

 

Best regards,

 

Simon



#4 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 September 2015 - 12:27 PM

No problems.

#5 Simonster

  • Topic Starter
  • Members
  • 13 posts

Posted 05 September 2015 - 03:32 PM

Hi nasdaq.  I attempted to run through this today.  It doesn't seem to have worked (network adaptor and Windows Defender still disabled and Windows Defender won't enable, but MyPCBackup has gone).  I am feeling foolish because I may have messed things up - I believe I originally ran FRST straight from a USB drive but that drive was not around today so I ran it from a new directory on C and do not know if FRST expected to find logs from its first run somewhere.  I have pasted the logs from today including re-running FRST.  Sorry if I have caused a waste of your time, I am more than happy to go back to the start if that is easier for you.

 

Regards,

 

Simon

 

AntiMalware

 

I ran this and did a scan.  I noticed that Detect Rootkits was not set to on so scanned again.  Attached are the three logs from its history facility, saved as text.  Looking at the times, I wonder if the scan logs are shown in reverse order.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Update, 05/09/2015 12:02:08, SYSTEM, SIMON1, Manual, Failed, Unable to access update server, 
Update, 05/09/2015 12:02:22, SYSTEM, SIMON1, Manual, Failed, Unable to access update server, 
Update, 05/09/2015 12:33:06, SYSTEM, SIMON1, Manual, Failed, Unable to access update server, 
Update, 05/09/2015 12:33:43, SYSTEM, SIMON1, Manual, Failed, Unable to access update server, 
Scan, 05/09/2015 13:50:50, SYSTEM, SIMON1, Manual, Start:05/09/2015 12:33:43, Duration:1 hr 17 min 6 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Error, 05/09/2015 14:20:35, SYSTEM, SIMON1, Protection, IsLicensed, 13, 
Protection, 05/09/2015 14:20:35, SYSTEM, SIMON1, Protection, Malware Protection, Stopping, 
Protection, 05/09/2015 14:20:35, SYSTEM, SIMON1, Protection, Malware Protection, Stopped, 
Error, 05/09/2015 14:31:07, SYSTEM, SIMON1, Protection, IsLicensed, 13, 
Protection, 05/09/2015 14:31:07, SYSTEM, SIMON1, Protection, Malware Protection, Stopping, 
Protection, 05/09/2015 14:31:07, SYSTEM, SIMON1, Protection, Malware Protection, Stopped, 
Error, 05/09/2015 15:07:27, SYSTEM, SIMON1, Protection, IsLicensed, 13, 
Protection, 05/09/2015 15:07:27, SYSTEM, SIMON1, Protection, Malware Protection, Stopping, 
Protection, 05/09/2015 15:07:27, SYSTEM, SIMON1, Protection, Malware Protection, Stopped, 
 
(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/09/2015
Scan Time: 12:33:43
Logfile: AntiMalware Log 2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Simon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355496
Time Elapsed: 1 hr, 17 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/09/2015
Scan Time: 12:02:22
Logfile: AntiMalware.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Simon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353275
Time Elapsed: 22 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/09/2015
Scan Time: 12:02:22
Logfile: AntiMalware Log 3.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Simon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353275
Time Elapsed: 22 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

AntiMalware did report a whole load of PUPs and quarantined them.

 

Here is the AdwCleaner log

 

# AdwCleaner v5.005 - Logfile created 05/09/2015 at 14:08:28
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Local]
# Operating system : Windows ™ Vista Ultimate Service Pack 2 (x64)
# Username : Simon - SIMON1
# Running from : C:\VirusFixStuff\adwcleaner_5.005.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : BackupStack
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Users\Simon\AppData\Roaming\pdfforge
[#] Folder Deleted : C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Simon\Desktop\Sync Folder.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2479 bytes] ##########
 
(I let it take pdfforge)
 
Here is the Fixlog from running FRST
 
Fix result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Simon (2015-09-05 14:25:09) Run:1
Running from C:\VirusFixStuff
Loaded Profiles: Simon (Available Profiles: Simon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [AdobeBridge] => [X]
CHR Extension: (GamingWonderland) -
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic [2014-11-29]
CHR Extension: (Undeaddies) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni [2014-11-08]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni
C:\Program Files (x86)\MyPC Backup
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-21-36399904-4135691361-341567915-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
CHR Extension: (GamingWonderland) - => not found
"C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic [2014-11-29]" => File/Folder not found.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni => moved successfully
IpInIp => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
BackupStack => service not found.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhibjkbjpbibiegmgfglnihpjogipic => moved successfully
"C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni" => File/Folder not found.
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
EmptyTemp: => 14.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:25:58 ====
 
Here is the result of running FRST again
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by Simon (administrator) on SIMON1 (05-09-2015 14:38:07)
Running from C:\VirusFixStuff
Loaded Profiles: Simon (Available Profiles: Simon)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) Language: Spanish (Spain, International Sort)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Starfield Technologies) C:\Users\Simon\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\Simon\AppData\Local\Workspace\wben.exe
(Starfield Technologies) C:\Users\Simon\AppData\Local\Workspace\workspacestatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NeroCheck] => C:\Windows\SysWOW64\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [cdloader] => C:\Users\Simon\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Starfield Updater] => C:\Users\Simon\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-07-04] (Starfield Technologies)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [wben] => C:\Users\Simon\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Workspace Status] => C:\Users\Simon\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-25] (Starfield Technologies)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-27]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-01-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-01-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-07-04] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-07-04] (Starfield Technologies, LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-36399904-4135691361-341567915-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> DefaultScope {7B32C477-9F21-4821-A1F1-C6CACA3A5E9C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> {7B32C477-9F21-4821-A1F1-C6CACA3A5E9C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E4776B6D-8771-40B0-918B-58D5BB03445D}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-02] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/off -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npoff.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/off64 -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/wbe -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/wbe64 -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npoff.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npoff64.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npwbe.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npwbe64.dll [2013-07-04] (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-07-04]
FF Extension: Workspace Email Zoom - C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-24]
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-24]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-24]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76912 2011-03-22] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-05 14:03 - 2015-09-05 14:08 - 00000000 ____D C:\AdwCleaner
2015-09-05 12:03 - 2015-09-05 12:03 - 00006538 _____ C:\Windows\system32\PerfStringBackup.TMP
2015-09-05 12:01 - 2015-09-05 12:01 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 12:01 - 2015-09-05 12:01 - 00000941 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-05 12:01 - 2015-09-05 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-05 12:01 - 2015-09-05 12:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-05 12:01 - 2015-09-05 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-05 12:01 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-05 12:01 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-05 12:01 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-05 11:59 - 2015-09-05 14:38 - 00000000 ____D C:\VirusFixStuff
2015-08-28 20:51 - 2015-09-05 14:38 - 00000000 ____D C:\FRST
2015-08-28 20:48 - 2015-08-28 20:48 - 00004693 _____ C:\Users\Simon\Desktop\attach.txt
2015-08-28 20:48 - 2015-08-28 20:46 - 00016590 _____ C:\Users\Simon\Desktop\dds.txt
2015-08-18 23:53 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-18 23:53 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-18 23:53 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-18 23:53 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 23:53 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-18 23:53 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 23:23 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:23 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:23 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 23:23 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 23:22 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 23:22 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 23:21 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 23:21 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 23:21 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 23:21 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 23:19 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 23:19 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 23:19 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 23:19 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 23:18 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 23:18 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 23:18 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 23:18 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-11 23:18 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 23:18 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 23:18 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-11 23:18 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 23:11 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 23:11 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-11 23:11 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 23:11 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 23:11 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 23:11 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-11 23:11 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-11 23:11 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 23:11 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 23:11 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 23:11 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-11 23:11 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-11 23:11 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 23:11 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 23:11 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-11 23:11 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 23:11 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 20:33 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 20:33 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 20:33 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 20:33 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 20:33 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 20:33 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 20:33 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 20:33 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-11 20:33 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-11 20:33 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 20:33 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 20:33 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 20:33 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 20:33 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 20:33 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 20:33 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 20:33 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-11 20:33 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 20:33 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-11 20:33 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-11 20:33 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-05 14:34 - 2008-01-20 20:53 - 01165569 _____ C:\Windows\WindowsUpdate.log
2015-09-05 14:31 - 2013-01-24 12:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-05 14:31 - 2013-01-24 12:27 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-09-05 14:31 - 2013-01-24 11:35 - 00000145 _____ C:\service.log
2015-09-05 14:30 - 2006-11-02 10:40 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-05 14:30 - 2006-11-02 10:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 14:30 - 2006-11-02 10:39 - 00114706 _____ C:\Windows\PFRO.log
2015-09-05 14:30 - 2006-11-02 10:21 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 14:30 - 2006-11-02 10:21 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 14:10 - 2013-01-24 12:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-05 12:00 - 2006-11-02 10:26 - 00011764 _____ C:\Windows\setupact.log
2015-08-28 19:59 - 2013-02-05 19:07 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
2015-08-28 19:20 - 2013-01-29 10:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\mjusbsp
2015-08-28 19:19 - 2013-01-29 10:26 - 00000897 _____ C:\Users\Simon\Desktop\magicJack.lnk
2015-08-28 19:19 - 2013-01-29 10:26 - 00000883 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-08-28 07:47 - 2013-01-27 20:08 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2015-08-27 10:11 - 2013-02-05 20:23 - 00001456 _____ C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-22 23:11 - 2013-01-24 12:44 - 00002023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 07:39 - 2006-11-02 10:21 - 05136584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 07:36 - 2006-11-02 10:06 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-11 23:25 - 2013-01-24 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 23:24 - 2013-01-24 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-11 23:18 - 2013-08-14 21:39 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 23:12 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2015-07-06 17:01 - 2015-07-06 17:13 - 0000132 _____ () C:\Users\Simon\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-03-12 12:12 - 2013-03-12 12:12 - 0000132 _____ () C:\Users\Simon\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-03-15 18:03 - 2015-03-16 00:18 - 0000408 _____ () C:\Users\Simon\AppData\Roaming\burnaware.ini
2013-02-05 20:23 - 2015-08-27 10:11 - 0001456 _____ () C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-01-24 10:54 - 2013-01-24 11:55 - 0000732 _____ () C:\Users\Simon\AppData\Local\d3d9caps64.dat
2013-02-08 20:46 - 2015-03-15 17:35 - 0006144 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-24 11:36 - 2013-01-24 11:43 - 0201386 _____ () C:\Users\Simon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-01-24 11:36 - 2013-01-24 11:36 - 0000002 _____ () C:\Users\Simon\AppData\Local\dd_dotnetfx35error.txt
2013-01-24 11:36 - 2013-01-24 11:47 - 0190696 _____ () C:\Users\Simon\AppData\Local\dd_dotnetfx35install.txt
2013-01-24 11:46 - 2013-01-24 11:46 - 2484324 _____ () C:\Users\Simon\AppData\Local\dd_NET_Framework35_x64_MSI1BE8.txt
2014-06-15 08:14 - 2014-06-15 08:15 - 0429538 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI379B.txt
2013-02-05 20:12 - 2013-02-05 20:13 - 0436844 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI495A.txt
2013-02-05 20:13 - 2013-02-05 20:14 - 0432130 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI49F0.txt
2014-06-15 08:14 - 2014-06-15 08:15 - 0012468 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI379B.txt
2013-02-05 20:12 - 2013-02-05 20:13 - 0011662 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI495A.txt
2013-02-05 20:13 - 2013-02-05 20:14 - 0011598 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI49F0.txt
2013-01-24 11:36 - 2013-01-24 11:47 - 0002772 _____ () C:\Users\Simon\AppData\Local\uxeventlog.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-05 14:37
 
==================== End of FRST.txt ============================
 

And it produced an Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Simon (2015-09-05 14:38:59)
Running from C:\VirusFixStuff
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-36399904-4135691361-341567915-500 - Administrator - Disabled)
Invitado (S-1-5-21-36399904-4135691361-341567915-501 - Limited - Disabled)
Simon (S-1-5-21-36399904-4135691361-341567915-1000 - Administrator - Enabled) => C:\Users\Simon
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP BiDi Channel Components Installer (Version: 1.2.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator 10.0.3 (HKLM-x32\...\{412033BC-44CF-48D9-B813-4B835101F4D3}) (Version: 10.0.3 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.51 - Atheros Communications Inc.)
BigNSISTest (remove only) (HKLM-x32\...\BigNSISTest) (Version:  - )
Borland Delphi 6 (HKLM-x32\...\{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}) (Version: 6.0 - Borland Software Corporation)
BurnAware Free 7.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Chinese Traditional Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Comport Detector (HKLM-x32\...\Comport Detector) (Version: 1.0 - )
Driver K-104 K-114 (HKLM-x32\...\Driver K-104 K-114) (Version: 2.08.24 - )
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
FTPUploader (HKLM-x32\...\FTPUploader) (Version: 1.0 - )
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Global Mapper 10 (HKLM-x32\...\{E8DF2E58-E6EE-44E7-A06F-5213FA1DD03F}) (Version: 10.02.0020 - Global Mapper Software)
GNU Backgammon (MAIN branch, 20121023 code) (HKLM-x32\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Installer Logger5 (HKLM-x32\...\Installer Logger5) (Version:  - )
Installer LoggerDCX (HKLM-x32\...\Installer LoggerDCX) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Logger DCX4_11 (HKLM-x32\...\Logger DCX4_11) (Version:  - )
magicJack (HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MapSource (HKLM-x32\...\MapSource) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero - Burning Rom (HKLM-x32\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
ODF Add-in for Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - esn) (Version:  - Microsoft Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
Software Installer (HKLM-x32\...\Software Installer) (Version: 3.0 - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Workspace Desktop (HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\workspacedesktop) (Version:  - Starfield Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-36399904-4135691361-341567915-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Simon\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-36399904-4135691361-341567915-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Simon\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
 
==================== Restore Points =========================
 
23-07-2015 07:50:13 Punto de control programado
24-07-2015 00:00:02 Punto de control programado
25-07-2015 08:13:15 Windows Update
27-07-2015 07:57:50 Punto de control programado
28-07-2015 21:18:45 Punto de control programado
29-07-2015 00:13:53 Windows Update
30-07-2015 12:47:45 Punto de control programado
31-07-2015 07:56:34 Punto de control programado
01-08-2015 10:01:58 Punto de control programado
01-08-2015 12:21:47 Windows Update
02-08-2015 14:44:49 Punto de control programado
03-08-2015 07:03:34 Punto de control programado
04-08-2015 09:58:16 Punto de control programado
05-08-2015 07:30:42 Windows Update
06-08-2015 06:47:26 Punto de control programado
07-08-2015 07:10:05 Punto de control programado
08-08-2015 00:01:54 Punto de control programado
08-08-2015 09:04:31 Windows Update
08-08-2015 21:34:27 Punto de control programado
09-08-2015 10:14:08 Punto de control programado
10-08-2015 08:14:54 Punto de control programado
11-08-2015 21:03:28 Punto de control programado
11-08-2015 23:11:06 Windows Update
13-08-2015 08:03:09 Punto de control programado
14-08-2015 00:18:50 Punto de control programado
15-08-2015 07:13:08 Punto de control programado
15-08-2015 20:13:05 Windows Update
17-08-2015 08:07:43 Punto de control programado
18-08-2015 19:34:06 Punto de control programado
18-08-2015 23:53:01 Windows Update
20-08-2015 07:41:25 Punto de control programado
21-08-2015 09:01:57 Punto de control programado
22-08-2015 23:19:54 Windows Update
24-08-2015 11:14:44 Punto de control programado
25-08-2015 11:43:00 Punto de control programado
26-08-2015 12:26:00 Windows Update
27-08-2015 08:56:50 Punto de control programado
28-08-2015 07:48:43 Punto de control programado
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2015-07-16 19:04 - 00000791 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35ADA696-5FCA-42AC-A89B-6E327A360EF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24] (Google Inc.)
Task: {49ACE7AF-2ADB-4016-ACA0-83C24D82DEAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24] (Google Inc.)
Task: {DF471BC2-67A7-4416-A44B-1CD553C19294} - System32\Tasks\AdobeAAMUpdater-1.0-Simon1-Simon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E5671BDC-988D-4082-ADD6-943F86979062} - \User_Feed_Synchronization-{2E4FB1B0-1709-4C12-A3D9-032DA3A7BCAF} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-01-24 11:35 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2013-01-24 11:35 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-36399904-4135691361-341567915-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Simon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D0D1321F-747F-4C3A-9551-A34CC1BE05DB}] => (Allow) LPort=80
FirewallRules: [{924BD53C-5454-436A-8363-B1155E1B858B}] => (Allow) LPort=80
FirewallRules: [{A6FEFBB2-A3AF-42E1-B148-671639E43221}] => (Allow) LPort=80
FirewallRules: [{5F144566-FCAE-49FF-9422-0CA097B68F49}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{E8FABF26-052D-4322-9B91-A3105ED3DEE4}C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{87EB61B8-B28A-4600-992A-472AD47FCB46}C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{D9363A94-6AB8-499D-B5B7-DA2A8BA949D4}C:\users\simon\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\simon\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4A8F2439-DB1B-47BC-925D-790EBE640AF8}C:\users\simon\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\simon\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{58368738-F05E-457D-80E2-A9AE086E5502}C:\users\simon\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\simon\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{69BA95C1-6878-4B37-B48F-AA892DE8F689}C:\users\simon\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\simon\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F2B6D823-D9A5-47B5-98E3-731525B2EF62}C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{77880343-4362-441B-9B22-EDABDF9AD531}C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\simon\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{94877A15-A4CF-4F83-A78C-BA2AE452E89F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/05/2015 02:35:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 1.1.1600.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c90
Start Time: 01d0e811e355de6a
Termination Time: 0
 
Error: (09/05/2015 02:34:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 1.1.1600.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: fe4
Start Time: 01d0e811b3784c5a
Termination Time: 0
 
Error: (09/05/2015 02:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2015 02:25:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIMON\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\VIRUSFIXSTUFF.LNK> in the hash map cannot be updated.
 
Contexto: aplicación , catálogo SystemIndex
 
Detalles:
Uno de los dispositivos vinculados al sistema no funciona.   (0x8007001f)
 
Error: (09/05/2015 02:22:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2015 12:00:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/28/2015 08:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Taskmgr.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: da4
Start Time: 01d0e1fc21276161
Termination Time: 0
 
Error: (08/28/2015 08:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: dd8
Start Time: 01d0e1fbac03c541
Termination Time: 15460
 
Error: (08/28/2015 08:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 8cc
Start Time: 01d0e1fb240159a1
Termination Time: 5428
 
Error: (08/28/2015 08:38:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/05/2015 02:31:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.13.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\Servicio de red
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/05/2015 02:31:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.205.913.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\Servicio de red
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/05/2015 02:31:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.205.913.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\Servicio de red
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/05/2015 02:31:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.205.913.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/05/2015 02:25:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Reiniciar el servicioWindows Search%%1056
 
Error: (09/05/2015 02:25:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Reiniciar el servicio
 
Error: (09/05/2015 02:25:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Instalador de módulos de Windows11200001Reiniciar el servicio
 
Error: (09/05/2015 02:25:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: PDF Architect Service1
 
Error: (09/05/2015 02:25:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: PDF Architect Helper Service1
 
Error: (09/05/2015 02:25:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: File Backup Service1
 
 
Microsoft Office:
=========================
Error: (09/05/2015 02:35:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MSASCui.exe1.1.1600.0c9001d0e811e355de6a0
 
Error: (09/05/2015 02:34:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MSASCui.exe1.1.1600.0fe401d0e811b3784c5a0
 
Error: (09/05/2015 02:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2015 02:25:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Contexto: aplicación , catálogo SystemIndex
 
Detalles:
Uno de los dispositivos vinculados al sistema no funciona.   (0x8007001f)
C:\USERS\SIMON\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\VIRUSFIXSTUFF.LNK
 
Error: (09/05/2015 02:22:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2015 12:00:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/28/2015 08:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Taskmgr.exe6.0.6001.18000da401d0e1fc212761610
 
Error: (08/28/2015 08:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.0.6002.18005dd801d0e1fbac03c54115460
 
Error: (08/28/2015 08:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6002.180058cc01d0e1fb240159a15428
 
Error: (08/28/2015 08:38:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity:
===================================
  Date: 2015-09-05 14:38:54.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:54.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:54.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:54.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:53.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:53.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:53.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:53.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:35.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-05 14:38:35.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 22%
Total physical RAM: 8155.58 MB
Available physical RAM: 6322.38 MB
Total Virtual: 16364.2 MB
Available Virtual: 14626.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:684.73 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.11 GB) FAT32
Drive k: (NEW BLUE) (Fixed) (Total:931.51 GB) (Free:302.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: E25EA2E2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 638A0A2C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 September 2015 - 08:02 AM


You will be better protected with the Microsoft Security Essentials.

Download and run the program.

http://windows.microsoft.com/en-CA/windows/security-essentials-download

This program disables Windows Defender by default. It's all you need.
===

On the network adaptor issues. Try the fixes suggested on the page.
http://windows.microsoft.com/en-ca/windows-vista/troubleshoot-network-adapter-problems

Keep me posted.

#7 Simonster

Simonster
  • Topic Starter

  • Members
  • 13 posts

Posted 06 September 2015 - 06:04 PM

Thanks nasdaq.  I am humbled by this experience and may be wrong, but it looks to me that this is not just a case of resetting some damage that has been caused by the malware, but that whatever was the problem is still running somewhere on the machine.

None of the control panel/network management windows admit that I even have a network adaptor (it is part of the motherboard), and if I try to enable Windows Defender some additional text pops up and disappears almost immediately, suggesting to me that Defender is trying to start and then gets killed by the malware as soon as it detects that Defender has been started.

I downloaded MSE to a memory stick and tried to install it, but it said it couldn't do so because MSE was already running and one can only run one version.  That's fine, but

(1)  I do not remember seeing MSE running until this virus problem occurred (although it could well have been); what is on there runs purely in Spanish, whereas my machine normally produces some mixture of Spanish and English (I have a fully legitimate Spanish language version of Vista installed plus the English pack; rant deleted but I am happy to post it!).  If I have a normal version of MSE, shouldn't it interact properly and produce a proper message when I try to start Defender?

(2)  I can't see any way of uninstalling MSE to reinstall a known version (rant again deleted), and I would expect to have that option.

This makes me wonder whether I really have a virus, or whether I was graced (...) with an auto download and enabling of MSE in some Microsoft update, whether MSE just doesn't interact properly with attempts to enable Defender, whether my network adaptor failed for some reason, and whether I only found the MSE download and Defender issue when looking around trying to work out what was going on after the network adaptor failed, albeit with my computer already infected with a lot of crapware that the scans and software detected.  I am so out of my depth here (and I wrote my first Z80 assembler program about 35 years ago!).

Any suggestions would be appreciated ....

Regards,

Simon


Edited by Simonster, 06 September 2015 - 06:05 PM.


#8 Simonster

Simonster
  • Topic Starter

  • Members
  • 13 posts

Posted 06 September 2015 - 06:31 PM

Hmmm.  Although I can't uninstall MSE, I can turn off its real time protection.  When I do that, I can enable Windows Defender without it just flipping back to off and hanging, although Defender complains about updates etc. and can't get them without a web connection.  If what is claiming to run as MSE on my system is indeed MSE (Vista says the relevant executable, dated April 30, has a Microsoft security certificate) then perhaps there is just an integration issue with trying to enable Defender when MSE is activated (and the slight point that I can't uninstall MSE).  I am wondering if I should get a network card, plug it in, and see what happens.  I am also wondering whether I should have deleted the rants about Microsoft programmers and the queue of people with baseball bats and/or the rant about class action lawsuits and "fit for purpose".

...

Regards,

S



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2015 - 06:57 AM

Download and run the MSE Removal tool.

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

Restart the computer after the removal is completed.
===

If there are some remnant items after the removal, check these registry items.

http://smallbusiness.chron.com/clean-registry-traces-microsoft-security-essentials-70659.html
===

That may be an option later.
I am wondering if I should get a network card, plug it in, and see what happens.

After the removal of MSE, please run the Farbar tool and post a fresh FRST log for my review.

#10 Simonster

Simonster
  • Topic Starter

  • Members
  • 13 posts

Posted 07 September 2015 - 09:40 AM

Thanks nasdaq.  I have done these.  When I go to the Windows Security Center it says that Defender and MSE "report that they are not running", but I suspect that is what it would say were it not to find them, and I don't see anything that makes me think that they are.  Below are the results of the FRST scan.  I thank you for your continued assistance.

Regards,

Simon

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by Simon (administrator) on SIMON1 (07-09-2015 09:12:29)
Running from C:\VirusFixStuff
Loaded Profiles: Simon (Available Profiles: Simon)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) Language: Spanish (Spain, International Sort)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Starfield Technologies) C:\Users\Simon\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\Simon\AppData\Local\Workspace\wben.exe
(Starfield Technologies) C:\Users\Simon\AppData\Local\Workspace\workspacestatus.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NeroCheck] => C:\Windows\SysWOW64\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [cdloader] => C:\Users\Simon\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Starfield Updater] => C:\Users\Simon\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-07-04] (Starfield Technologies)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [wben] => C:\Users\Simon\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [Workspace Status] => C:\Users\Simon\AppData\Local\Workspace\workspacestatus.exe [694760 2013-07-25] (Starfield Technologies)
HKU\S-1-5-21-36399904-4135691361-341567915-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-27]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-01-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-01-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-07-04] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-07-04] (Starfield Technologies, LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-36399904-4135691361-341567915-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> DefaultScope {7B32C477-9F21-4821-A1F1-C6CACA3A5E9C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-36399904-4135691361-341567915-1000 -> {7B32C477-9F21-4821-A1F1-C6CACA3A5E9C} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E4776B6D-8771-40B0-918B-58D5BB03445D}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-02] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/off -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npoff.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/off64 -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/wbe -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-36399904-4135691361-341567915-1000: @starfield.com/wbe64 -> C:\Users\Simon\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npoff.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npoff64.dll [2014-10-23] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npwbe.dll [2013-07-04] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npwbe64.dll [2013-07-04] (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-07-04]
FF Extension: Workspace Email Zoom - C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-24]
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-24]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-24]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76912 2011-03-22] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-07 08:34 - 2015-09-07 08:34 - 00019240 _____ C:\FixitRegBackup.reg
2015-09-06 17:44 - 2015-09-06 18:41 - 14243008 _____ (Microsoft Corporation) C:\mseinstall.exe
2015-09-05 14:03 - 2015-09-05 14:08 - 00000000 ____D C:\AdwCleaner
2015-09-05 12:03 - 2015-09-05 12:03 - 00006538 _____ C:\Windows\system32\PerfStringBackup.TMP
2015-09-05 12:01 - 2015-09-05 15:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 12:01 - 2015-09-05 12:01 - 00000941 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-05 12:01 - 2015-09-05 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-05 12:01 - 2015-09-05 12:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-05 12:01 - 2015-09-05 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-05 12:01 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-05 12:01 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-05 12:01 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-05 11:59 - 2015-09-07 08:31 - 00000000 ____D C:\VirusFixStuff
2015-08-28 20:51 - 2015-09-07 09:12 - 00000000 ____D C:\FRST
2015-08-28 20:48 - 2015-08-28 20:48 - 00004693 _____ C:\Users\Simon\Desktop\attach.txt
2015-08-28 20:48 - 2015-08-28 20:46 - 00016590 _____ C:\Users\Simon\Desktop\dds.txt
2015-08-18 23:53 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-18 23:53 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-18 23:53 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-18 23:53 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 23:53 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-18 23:53 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 23:23 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:23 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:23 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 23:23 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 23:22 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 23:22 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 23:21 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 23:21 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 23:21 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 23:21 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 23:19 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 23:19 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 23:19 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 23:19 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 23:18 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 23:18 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 23:18 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 23:18 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-11 23:18 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 23:18 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 23:18 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-11 23:18 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 23:11 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 23:11 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-11 23:11 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-11 23:11 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-11 23:11 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 23:11 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 23:11 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 23:11 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-11 23:11 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-11 23:11 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 23:11 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 23:11 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 23:11 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-11 23:11 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-11 23:11 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 23:11 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 23:11 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-11 23:11 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 23:11 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 20:33 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 20:33 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 20:33 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 20:33 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 20:33 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 20:33 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 20:33 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-11 20:33 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 20:33 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-11 20:33 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-11 20:33 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-11 20:33 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 20:33 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 20:33 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 20:33 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 20:33 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 20:33 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 20:33 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 20:33 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-11 20:33 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 20:33 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 20:33 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-11 20:33 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-11 20:33 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-11 20:33 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-07 09:10 - 2013-01-24 12:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 09:05 - 2008-01-20 20:53 - 01345307 _____ C:\Windows\WindowsUpdate.log
2015-09-07 09:01 - 2013-01-24 12:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 09:01 - 2013-01-24 12:27 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-09-07 09:01 - 2013-01-24 11:35 - 00000145 _____ C:\service.log
2015-09-07 09:01 - 2006-11-02 10:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 09:01 - 2006-11-02 10:21 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 09:01 - 2006-11-02 10:21 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 09:00 - 2006-11-02 10:40 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-07 08:45 - 2013-01-27 20:08 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2015-09-06 17:44 - 2013-03-04 23:58 - 00002198 _____ C:\Windows\epplauncher.mif
2015-09-05 14:30 - 2006-11-02 10:39 - 00114706 _____ C:\Windows\PFRO.log
2015-09-05 12:00 - 2006-11-02 10:26 - 00011764 _____ C:\Windows\setupact.log
2015-08-28 19:59 - 2013-02-05 19:07 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
2015-08-28 19:20 - 2013-01-29 10:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\mjusbsp
2015-08-28 19:19 - 2013-01-29 10:26 - 00000897 _____ C:\Users\Simon\Desktop\magicJack.lnk
2015-08-28 19:19 - 2013-01-29 10:26 - 00000883 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-08-27 10:11 - 2013-02-05 20:23 - 00001456 _____ C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-22 23:11 - 2013-01-24 12:44 - 00002023 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 07:39 - 2006-11-02 10:21 - 05136584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 07:36 - 2006-11-02 10:06 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-11 23:25 - 2013-01-24 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 23:24 - 2013-01-24 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-11 23:18 - 2013-08-14 21:39 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 23:12 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2015-07-06 17:01 - 2015-07-06 17:13 - 0000132 _____ () C:\Users\Simon\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-03-12 12:12 - 2013-03-12 12:12 - 0000132 _____ () C:\Users\Simon\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-03-15 18:03 - 2015-03-16 00:18 - 0000408 _____ () C:\Users\Simon\AppData\Roaming\burnaware.ini
2013-02-05 20:23 - 2015-08-27 10:11 - 0001456 _____ () C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-01-24 10:54 - 2013-01-24 11:55 - 0000732 _____ () C:\Users\Simon\AppData\Local\d3d9caps64.dat
2013-02-08 20:46 - 2015-03-15 17:35 - 0006144 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-24 11:36 - 2013-01-24 11:43 - 0201386 _____ () C:\Users\Simon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-01-24 11:36 - 2013-01-24 11:36 - 0000002 _____ () C:\Users\Simon\AppData\Local\dd_dotnetfx35error.txt
2013-01-24 11:36 - 2013-01-24 11:47 - 0190696 _____ () C:\Users\Simon\AppData\Local\dd_dotnetfx35install.txt
2013-01-24 11:46 - 2013-01-24 11:46 - 2484324 _____ () C:\Users\Simon\AppData\Local\dd_NET_Framework35_x64_MSI1BE8.txt
2014-06-15 08:14 - 2014-06-15 08:15 - 0429538 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI379B.txt
2013-02-05 20:12 - 2013-02-05 20:13 - 0436844 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI495A.txt
2013-02-05 20:13 - 2013-02-05 20:14 - 0432130 _____ () C:\Users\Simon\AppData\Local\dd_vcredistMSI49F0.txt
2014-06-15 08:14 - 2014-06-15 08:15 - 0012468 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI379B.txt
2013-02-05 20:12 - 2013-02-05 20:13 - 0011662 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI495A.txt
2013-02-05 20:13 - 2013-02-05 20:14 - 0011598 _____ () C:\Users\Simon\AppData\Local\dd_vcredistUI49F0.txt
2013-01-24 11:36 - 2013-01-24 11:47 - 0002772 _____ () C:\Users\Simon\AppData\Local\uxeventlog.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-07 09:08
 
==================== End of FRST.txt ============================


#11 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2015 - 10:03 AM


These items are related to MSE. Let's remove them.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
CloseProcesses:

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
c:\Program Files\Microsoft Security Client

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Is MSE still running?

#12 Simonster

  • Topic Starter
  • Members
  • 13 posts

Posted 07 September 2015 - 11:17 AM

Thanks again. Log files below. The security center still has the same message, that these things report that they are turned off. I cannot see anything like MSE running as a process when showing all processes, but I am ignorant of what all of this stuff means. Still no network adapter shown as existing; when I show hidden devices I get what I assume are software interfaces to a physical adapter should one exist, but again I don't know what these things all are.

Regards,

Simon

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Simon (2015-09-07 10:54:34) Run:2
Running from C:\VirusFixStuff
Loaded Profiles: Simon (Available Profiles: Simon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
c:\Program Files\Microsoft Security Client
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
MsMpSvc => service could not remove
NisSrv => service could not remove
"c:\Program Files\Microsoft Security Client" => Warning: FRST is scripted not to move this directory.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:54:57 ====
 
Checkup.txt
 

 Results of screen317's Security Check version 1.008  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Google Chrome (44.0.2403.155) 
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 


#13 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2015 - 01:37 PM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#14 Simonster

  • Topic Starter
  • Members
  • 13 posts

Posted 07 September 2015 - 05:03 PM

This ran through, below is the log. Still no network adapter.

Thanks,

Simon

ComboFix 15-09-07.01 - Simon 07/09/2015  16:36:07.1.2 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.44.3082.18.8156.6205 [GMT -5:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\win.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-07 to 2015-09-07  )))))))))))))))))))))))))))))))
.
.
2015-09-07 13:34 . 2015-09-07 13:34 19240 ----a-w- C:\FixitRegBackup.reg
2015-09-06 23:25 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5D04631-51BC-47AF-AA18-DC664F39648A}\mpengine.dll
2015-09-06 22:44 . 2015-09-06 23:41 14243008 ----a-w- C:\mseinstall.exe
2015-09-05 19:03 . 2015-09-05 19:08 -------- d-----w- C:\AdwCleaner
2015-09-05 17:03 . 2015-09-05 17:03 6538 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2015-09-05 17:01 . 2015-09-05 20:09 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-05 17:01 . 2015-06-18 13:41 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-05 17:01 . 2015-06-18 13:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-05 17:01 . 2015-06-18 13:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-05 17:01 . 2015-09-05 17:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-05 17:01 . 2015-09-05 17:01 -------- d-----w- c:\programdata\Malwarebytes
2015-09-05 16:59 . 2015-09-07 15:54 -------- d-----w- C:\VirusFixStuff
2015-08-29 01:51 . 2015-09-07 15:54 -------- d-----w- C:\FRST
2015-08-28 12:25 . 2015-07-01 13:10 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAD14A19-96D8-4CE4-9A8E-F5137398630E}\gapaengine.dll
2015-08-26 17:26 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-19 04:53 . 2015-08-14 23:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 04:53 . 2015-08-14 22:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-19 04:53 . 2015-08-14 23:38 2158080 ----a-w- c:\windows\system32\iertutil.dll
2015-08-19 04:53 . 2015-08-14 23:55 765072 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-08-19 04:53 . 2015-08-14 23:55 183024 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-19 04:53 . 2015-08-14 23:07 758000 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2015-08-19 04:53 . 2015-08-14 23:07 151184 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-08-19 04:53 . 2015-08-14 23:49 17889792 ----a-w- c:\windows\system32\mshtml.dll
2015-08-12 04:23 . 2015-07-31 20:03 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:23 . 2015-07-31 19:27 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:23 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-12 04:23 . 2015-07-10 19:35 2425344 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 04:22 . 2015-07-11 17:13 12901888 ----a-w- c:\windows\system32\shell32.dll
2015-08-12 04:21 . 2015-07-09 14:39 169472 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 04:21 . 2015-07-09 14:39 169472 ----a-w- c:\windows\notepad.exe
2015-08-12 04:21 . 2015-07-09 14:25 151040 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-12 04:21 . 2015-07-18 15:41 80384 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 04:19 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-12 04:19 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-12 04:19 . 2015-07-10 19:35 1875968 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 04:19 . 2015-07-10 19:35 1796096 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 04:18 . 2015-07-21 15:50 68544 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 04:18 . 2015-07-21 15:50 154048 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-12 04:18 . 2015-07-21 20:59 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 04:18 . 2015-07-21 20:59 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-08-12 04:18 . 2015-07-21 15:50 4690880 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 04:18 . 2015-07-21 15:41 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 04:18 . 2015-07-21 15:40 399360 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-12 04:18 . 2015-07-21 15:40 85504 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-12 01:33 . 2015-07-22 21:56 2344448 ----a-w- c:\windows\system32\jscript9.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-07 16:00 . 2013-01-24 17:27 25640 ----a-w- c:\windows\gdrv.sys
2015-08-12 04:12 . 2006-11-02 12:35 132483416 ----a-w- c:\windows\system32\mrt.exe
2015-08-05 05:03 . 2015-08-05 05:03 877152 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-08-05 05:03 . 2015-08-05 05:03 538208 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-08-05 04:53 . 2015-08-05 04:53 872528 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 04:53 . 2015-08-05 04:53 681552 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-05 10:08 . 2013-01-24 17:10 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 16:04 . 2015-07-16 02:59 1316864 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-03 15:41 . 2015-07-16 02:59 1916416 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 13:10 . 2013-03-13 11:45 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-27 16:03 . 2015-07-16 03:00 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-06-27 16:03 . 2015-07-16 03:00 678400 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-06-27 16:02 . 2015-07-16 03:00 218112 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-06-27 16:02 . 2015-07-16 03:00 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-06-27 16:01 . 2015-07-16 03:00 801280 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-06-27 15:40 . 2015-07-16 03:00 1304576 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 15:40 . 2015-07-16 03:00 269824 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 15:40 . 2015-07-16 03:00 658944 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 15:39 . 2015-07-16 03:00 1065472 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:30 . 2015-07-16 03:00 278016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:30 . 2015-07-16 03:00 109056 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-17 16:50 . 2015-07-16 02:58 2264576 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-17 16:23 . 2015-07-16 02:58 3137536 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:18 . 2015-07-16 02:58 125440 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 15:09 . 2015-07-16 02:58 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-12 16:03 . 2015-07-16 02:58 304640 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-12 15:46 . 2015-07-16 02:58 390656 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13 . 2015-07-16 03:00 516544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"cdloader"="c:\users\Simon\AppData\Roaming\mjusbsp\cdloader2.exe" [2014-07-04 51592]
"Starfield Updater"="c:\users\Simon\AppData\Local\Workspace\WorkspaceUpdate.exe" [2013-07-04 35008]
"wben"="c:\users\Simon\AppData\Local\Workspace\wben.exe" [2014-10-20 1078896]
"Workspace Status"="c:\users\Simon\AppData\Local\Workspace\workspacestatus.exe" [2013-07-25 694760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"NeroCheck"="c:\windows\SysWOW64\\NeroCheck.exe" [2001-07-09 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-1-27 110592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 04:09 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 17:31]
.
2015-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 17:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-07-04 23:15 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-07-04 23:15 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Simon\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BigNSISTest - c:\program files (x86)\CICESE\MARV10\uninstall.exe
AddRemove-MARV10 - c:\program files (x86)\CICESE\MARV10\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2015-09-07  16:43:35
ComboFix-quarantined-files.txt  2015-09-07 21:43
.
Pre-Run: 733,180,309,504 bytes free
Post-Run: 733,058,449,408 bytes free
.
- - End Of File - - C9F4F134370923BEC891ECF20E39F832
5C616939100B85E558DA92B899A0FC36


#15 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Location:Montreal, QC. Canada

Posted 08 September 2015 - 07:30 AM


I suggest you check with the experts in the Networking forum.
http://www.bleepingcomputer.com/forums/f/21/networking/

Before you start a new topic there download and run this tool.
Include the log for review by an expert.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points
  • Click Go and copy/paste the log (Result.txt) into your post in the Networking forum.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
================

I will leave this topic open for 5 days; if you need to return, please do.



