Microsoft Security Essentials will not scan



#1 cureneeded

Posted 08 September 2015 - 11:05 AM

This seemed to begin after watching a video on xhamster that, while watching, read "video is being absorbed" and then the page redirected from the video to a page that said something about the FBI looking at...and I didn't finish before closing the window. Well, I know I haven't done anything to warrant the FBI's attention. Since then, I occasionally get a redirect from the same site that says "having vista problems? clean your pc here" or something to that effect and I do the same - close the window. Since that day, Microsoft Security Essentials will not complete a full scan. The quick scan works and reports that it found nothing. These are some of the messages I have gotten during a full scan:

Microsoft Security Client Interface Stopped Working or is Not Responding

Anti-Malware Service Executable Stopped Working and Was Closed

The app stopped working, your computer is at risk please restart now.

and I have gotten a page that I will ignorantly call a re-boot page where the screen was black with white print that read: Checking file on C: The file system is ntfs. One of your disks needs to be checked for consistency. Chk Dsck. And then it ran some other lines that read "correcting error in index..." "recover orphan file into director file..." "deleting index entry..." etc.

When I update Security Essentials, it will first tell me it can't do it because I have a different Build Flavor. When I close that out and open the update report, it tells me that the update was successful.

I use CCleaner every few days and I scan with Malwarebytes. Malwarebytes scans completely and hasn't come back with any viruses to report, but I suspect that's not correct with the above behavior going on.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by button (administrator) on BUTTON-PC (08-09-2015 10:42:33)
Running from C:\Users\button\Desktop
Loaded Profiles: button (Available Profiles: button)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
( ) C:\Windows\System32\dldtcoms.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Dell V305\dldtmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\Dell V305\dldtmsdmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dldtmon.exe] => C:\Program Files (x86)\Dell V305\dldtmon.exe [668912 2008-06-24] ()
HKLM\...\Run: [dldtamon] => C:\Program Files (x86)\Dell V305\dldtamon.exe [16624 2008-06-24] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => "C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\...\Run: [Download] => "C:\Users\button\AppData\Local\SupportSoft\ddoctorv2\button\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2009-09-24]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\button\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-05-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A89A73CF-9421-4598-90E1-0B0713B543A5}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-915472494-2029157542-1660393771-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-915472494-2029157542-1660393771-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-07-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\button\AppData\Roaming\Mozilla\Firefox\Profiles\jl06bqha.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://accounts.google.com/ServiceLogin?service=mail&continue=hxxps://mail.google.com/mail/
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2010-05-17] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-05-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-05-16] (Apple Inc.)
FF Extension: LeechBlock - C:\Users\button\AppData\Roaming\Mozilla\Firefox\Profiles\jl06bqha.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-21]
FF HKU\S-1-5-21-915472494-2029157542-1660393771-1000\...\Firefox\Extensions: [{06C050B6-CE38-4F3A-B865-5707182D6E3C}] - C:\Users\button\AppData\Local\{06C050B6-CE38-4F3A-B865-5707182D6E3C}

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [34032 2008-02-25] ()
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [1045232 2008-02-25] ( )
R2 dldt_device; C:\Windows\SysWOW64\dldtcoms.exe [595184 2008-02-25] ( )
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 10:42 - 2015-09-08 10:43 - 00014096 _____ C:\Users\button\Desktop\FRST.txt
2015-09-08 10:42 - 2015-09-08 10:42 - 02190336 _____ (Farbar) C:\Users\button\Desktop\FRST64.exe
2015-09-08 10:42 - 2015-09-08 10:42 - 00000000 ____D C:\FRST
2015-08-31 10:55 - 2015-08-31 10:55 - 00001828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-31 10:54 - 2015-08-31 10:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-31 10:54 - 2015-08-31 10:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-27 13:38 - 2015-08-28 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-20 03:01 - 2015-08-14 21:08 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:01 - 2015-08-14 20:44 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:00 - 2015-08-14 22:11 - 03639296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-20 03:00 - 2015-08-14 22:08 - 05756416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-13 03:20 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:20 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:18 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 03:18 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 03:16 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 03:16 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 03:15 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 03:15 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 03:15 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 03:14 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 03:12 - 2015-07-16 11:00 - 01177600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 03:12 - 2015-07-16 11:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 03:12 - 2015-07-16 11:00 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 06122496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 01827328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 03:12 - 2015-07-16 10:59 - 00671744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 03:12 - 2015-07-16 10:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 03:12 - 2015-07-16 10:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 03:12 - 2015-07-16 10:58 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 03:12 - 2015-07-16 10:58 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2015-08-13 03:12 - 2015-07-16 10:40 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 03:12 - 2015-07-16 10:40 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 03:12 - 2015-07-16 10:40 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 02079232 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 03:12 - 2015-07-16 10:39 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00764416 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 03:12 - 2015-07-16 10:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 03:12 - 2015-07-16 10:38 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 03:12 - 2015-07-16 10:38 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 03:12 - 2015-07-16 10:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-08-13 03:12 - 2015-07-16 09:51 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 03:12 - 2015-07-16 09:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 03:08 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 03:08 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 03:08 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 03:08 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 03:07 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 03:07 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 03:07 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 03:07 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-13 03:07 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 03:07 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 03:07 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-13 03:07 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 03:02 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-13 03:02 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-13 03:02 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-13 03:02 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-13 03:02 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-13 03:02 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-13 03:02 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-13 03:01 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 03:01 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 03:01 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-13 03:01 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-13 03:01 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 03:01 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 03:01 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 03:01 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-13 03:01 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-13 03:01 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 03:01 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 03:01 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-13 03:01 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-13 03:01 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 03:01 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 03:01 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-13 03:01 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 03:01 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 10:39 - 2006-11-02 10:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-08 10:39 - 2006-11-02 10:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 10:31 - 2009-09-24 05:13 - 01422229 _____ C:\Windows\WindowsUpdate.log
2015-09-08 10:13 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-08 10:12 - 2006-11-02 10:42 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-08 01:23 - 2014-06-25 17:24 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 14:02 - 2011-08-23 00:06 - 00000000 ____D C:\ProgramData\Dl_cats
2015-09-02 08:45 - 2008-01-20 22:26 - 00229958 _____ C:\Windows\PFRO.log
2015-08-31 10:55 - 2012-10-03 13:38 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-28 15:55 - 2012-05-03 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-25 00:32 - 2009-10-19 10:52 - 00000000 ____D C:\Users\button\AppData\Local\Adobe
2015-08-19 16:14 - 2009-10-23 12:48 - 00000000 ____D C:\Users\button\Desktop\animal collective
2015-08-15 18:48 - 2012-05-21 11:24 - 00000000 ____D C:\Users\button\Desktop\recipe documents and scans
2015-08-13 03:43 - 2006-11-02 10:21 - 00273648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:41 - 2009-09-24 10:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:39 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-13 03:23 - 2011-03-03 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:23 - 2009-09-24 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:07 - 2013-08-15 10:41 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 03:03 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 16:16 - 2006-11-02 07:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-12 14:53 - 2009-10-08 15:54 - 00000000 ____D C:\ProgramData\Roxio

==================== Files in the root of some directories =======

2009-10-30 14:29 - 2009-12-21 17:03 - 8653312 _____ (Dell, Inc.                                                   ) C:\Users\button\AppData\Roaming\DataSafeDotNet.exe
2010-01-19 17:48 - 2010-01-19 18:23 - 0009420 ___SH () C:\Users\button\AppData\Local\86K35bLqF
2010-01-20 16:48 - 2010-01-21 11:55 - 0010774 ___SH () C:\Users\button\AppData\Local\8Kc67
2009-11-22 13:26 - 2009-11-22 13:26 - 0000552 _____ () C:\Users\button\AppData\Local\d3d8caps.dat
2009-10-17 06:41 - 2013-08-02 11:14 - 0007052 _____ () C:\Users\button\AppData\Local\d3d9caps.dat
2009-10-08 17:52 - 2015-03-27 13:20 - 0035840 _____ () C:\Users\button\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-10 23:22 - 2010-06-10 23:22 - 0000000 _____ () C:\Users\button\AppData\Local\Dceweb.bin
2010-01-21 00:40 - 2010-01-21 00:40 - 0424038 _____ () C:\Users\button\AppData\Local\dd_vcredistMSI324C.txt
2010-01-21 00:40 - 2010-01-21 00:40 - 0011402 _____ () C:\Users\button\AppData\Local\dd_vcredistUI324C.txt
2010-01-21 00:40 - 2010-01-21 00:40 - 0010558 _____ () C:\Users\button\AppData\Local\dd_vcredistUI324F.txt
2010-01-10 02:38 - 2010-01-10 03:39 - 0010462 ___SH () C:\Users\button\AppData\Local\PqdPe6YoKQ5
2010-06-10 23:22 - 2010-06-10 23:22 - 0001698 _____ () C:\Users\button\AppData\Local\Rlavikayisukin.dat
2012-03-11 11:02 - 2012-03-24 10:56 - 0000125 ___SH () C:\ProgramData\.zreglib
2010-01-19 17:48 - 2010-01-19 18:23 - 0009420 ___SH () C:\ProgramData\86K35bLqF
2011-08-22 23:44 - 2011-08-22 23:45 - 0000356 _____ () C:\ProgramData\dldt.log
2010-01-10 02:38 - 2010-01-10 03:39 - 0010462 ___SH () C:\ProgramData\PqdPe6YoKQ5
2013-04-16 12:50 - 2013-04-16 12:50 - 1038874 _____ () C:\ProgramData\SPL1ED6.tmp
2012-10-05 18:22 - 2012-10-05 18:22 - 2305695 _____ () C:\ProgramData\SPL242C.tmp
2013-02-24 05:38 - 2013-02-24 05:38 - 0342736 _____ () C:\ProgramData\SPL4616.tmp
2012-04-03 15:44 - 2012-04-03 15:44 - 4292691 _____ () C:\ProgramData\SPL6BF0.tmp
2014-03-18 16:17 - 2014-03-18 16:17 - 0427708 _____ () C:\ProgramData\SPL7798.tmp
2012-04-12 11:27 - 2012-04-12 11:27 - 3045284 _____ () C:\ProgramData\SPL841D.tmp
2014-05-07 11:39 - 2014-05-07 11:39 - 0592948 _____ () C:\ProgramData\SPLA4CE.tmp
2012-10-05 18:21 - 2012-10-05 18:21 - 2305695 _____ () C:\ProgramData\SPLAE9.tmp
2014-04-21 09:16 - 2014-04-21 09:16 - 0417036 _____ () C:\ProgramData\SPLB1E5.tmp
2012-04-03 15:40 - 2012-04-03 15:40 - 4292691 _____ () C:\ProgramData\SPLF980.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-08 10:20

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:19 AM

Posted 09 September 2015 - 07:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

S1 Beep; no ImagePath
Is the windows sound working on this computer?

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-915472494-2029157542-1660393771-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF HKU\S-1-5-21-915472494-2029157542-1660393771-1000\...\Firefox\Extensions: [{06C050B6-CE38-4F3A-B865-5707182D6E3C}] - C:\Users\button\AppData\Local\{06C050B6-CE38-4F3A-B865-5707182D6E3C}
S1 Beep; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#3 cureneeded

Posted 09 September 2015 - 04:07 PM

Hi nasdaq,

 

Thanks for the help. I will end this post with my log. I ran everything as said and began a full scan with Security Essentials. I had to leave and when I came back the scan had locked up. I jotted down the file (up until the end where it was a bunch of letters and numbers that weren't fully displayed) that it got locked up on. When I tried to X out of the scan box, it wouldn't do anything. I then right clicked from the toolbar and after a while a message came up that said "Microsoft Security Client Interface Not working." I was able to close the program and when I did that, the Microsoft Security Essentials icon disappeared from my toolbar.

 

When I ran the AdwCleaner, I didn't see any files listed - just an N in the upper left hand corner of that box that would list the files. I did use the Clean function anyway. I have that log as well if you want it.

 

Oh yes, when I clicked on the link to clear Firefox cache, it was a page that talked about Internet Explorer. I don't use IE, am I supposed to follow those instructions anyway?

 

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by button (2015-09-09 09:20:31) Run:1
Running from C:\Users\button\Desktop
Loaded Profiles: button (Available Profiles: button)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-915472494-2029157542-1660393771-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF HKU\S-1-5-21-915472494-2029157542-1660393771-1000\...\Firefox\Extensions: [{06C050B6-CE38-4F3A-B865-5707182D6E3C}] - C:\Users\button\AppData\Local\{06C050B6-CE38-4F3A-B865-5707182D6E3C}
S1 Beep; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-915472494-2029157542-1660393771-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-915472494-2029157542-1660393771-1000\Software\Mozilla\Firefox\Extensions\\{06C050B6-CE38-4F3A-B865-5707182D6E3C} => value removed successfully
Beep => service removed successfully
IpInIp => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
USBAAPL64 => service removed successfully
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
EmptyTemp: => 101.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 09:21:33 ====
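
Added example (not part of the thread and not FRST's own code): a Python parser for the outcome lines of a Fixlog like the one posted above, separating removed items from "not found" and unrecognised results so the latter can be read by hand. The tuple layout and status names are this example's own, and the last sample line is constructed.

```python
import re
from collections import Counter

# Sample built from lines of the Fixlog in the post above; the final outcome
# line is constructed (not real FRST wording) to exercise the "review" path.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
End
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
Beep => service removed successfully
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
EmptyTemp: => 101.6 MB temporary data Removed.
C:\Constructed\example.dll => constructed outcome that is neither of the above
'''

OUTCOME = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')
ADS = re.compile(r'^"(?P<stream>:[^"]+)" ADS ')

def parse_fixlog(text):
    """Return (target, kind, status) tuples for each outcome line of a Fixlog."""
    entries, in_fixlist = [], False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {'*'}:      # asterisk rows fence the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        m = None if in_fixlist else OUTCOME.match(line)
        if not m:
            continue                         # echoed fixlist entry or status prose
        target, result = m['target'].strip('"'), m['result']
        ads = ADS.match(result)
        if ads:                              # stream name lives in the result text
            target, kind = target + ads['stream'], 'ads'
        else:
            k = re.search(r'\b(key|value|service|temporary data)\b', result)
            kind = k.group(1) if k else 'unknown'
        low = result.lower()
        if 'not found' in low:
            status = 'not_found'             # nothing was there to remove
        elif 'removed' in low:
            status = 'removed'
        else:
            status = 'review'                # unrecognised outcome: read it by hand
        entries.append((target, kind, status))
    return entries

def summarize(entries):
    """Count outcome lines by status."""
    return Counter(status for _, _, status in entries)

if __name__ == '__main__':
    print(dict(summarize(parse_fixlog(SAMPLE_FIXLOG))))
```
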



#4 cureneeded

Posted 09 September 2015 - 08:53 PM

Maybe I should also mention that after Microsoft Security Essentials locks up, I can't re-open it. It's still right there in the start up menu, it just won't open either by left or right clicking. If I want to run a quick scan with it, I have to restart the computer.

 

I don't redirect at any other time when using the internet, whether it be Google/Bing/Yahoo/etc...it's just on that one site.



#5 nasdaq

Posted 10 September 2015 - 08:25 AM

Oh yes, when I clicked on the link to clear Firefox cache, it was a page that talked about Internet Explorer. I don't use IE, am I supposed to follow those instructions anyway?

Yes, there could be some items used by Firefox in that cache.

===

Download and run the MSE removal tool.
http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

When completed restart the computer normally.

Reinstall MSE.

How is it now?

#6 cureneeded

Posted 10 September 2015 - 09:20 AM

Hi,

 

It seems I have two versions of Explorer on here. Can I uninstall them or would that cause problems? I believe I cleared everything in IE, but the box looked different than the sample page you linked to. Mine showed a box with Temp Internet Files/Cookies/History/Form Data/Passwords. I chose the Delete All function at the bottom. The Tools section didn't have the F12 Developer Tools part.

 

I ran the MSE removal tool and after trying to reinstall MSE I got a message that said an error has prevented MSE from installing. I wrote down the error code if you want it. It also suggested I restart and try again, which I did to the same result.



#7 cureneeded

Posted 10 September 2015 - 09:35 AM

During the installation process, MSE mentioned I should remove other anti-virus programs. As mentioned, I have CCleaner and Malwarebytes on here. Plus, whatever we have downloaded during this thread.

 

Should I remove any/all of these and try again? I just tried to install MSE a third time and got the same result - an error prevented...



#8 nasdaq

Posted 10 September 2015 - 10:23 AM

MSE mentioned I should remove other anti-virus programs. As mentioned, I have CCleaner and Malwarebytes on here. Plus, whatever we have downloaded during this thread.

No problems with MBAM and CCleaner. Other virus software are AVG, AVAST, Norton, etc.


Download and run this Revo Uninstaller tool.
http://www.revouninstaller.com/

Remove everything that is referencing MSE.

Restart the computer normally.

If you still get an error message please post the full content for my review.

#9 cureneeded

Posted 10 September 2015 - 11:51 AM

Hi,

 

I am not seeing anything that actually says Microsoft Security Essentials, but I do have Windows Live Essentials/Windows Live Sync/Windows Live Update Tool - are these related to MSE?

 

W/o knowing what they are, it seems odd that I have 5 Microsoft Visual C++ programs.



#10 nasdaq

Posted 10 September 2015 - 12:48 PM

, but I do have Windows Live Essentials/Windows Live Sync/Windows Live Update Tool - are these related to MSE?

This is installed when you install the Windows Essentials suite.

===

it seems odd that I have 5 Microsoft Visual C++ programs.

These are installed with the Windows security updates.
I have 8 of them. Leave them alone.

===

I would just delete Windows Security Essentials and install a free virus protection program.
You will find links on this page.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629

Any other issues with this computer?

#11 cureneeded

Posted 10 September 2015 - 01:12 PM

 Ok, stupid question - didn't we already delete Security Essentials? Or are you referring to the Windows Live Essentials/Windows Live Sync/Windows Live update tool programs? Sorry, bit of a computer idiot here.

 

I don't seem to have any other issues with the computer. Do you suspect I have/had a virus? What would cause this problem with MSE all of a sudden?

 

And should I keep using either Ccleaner or Adwcleaner?



#12 nasdaq

Posted 11 September 2015 - 07:36 AM

Ok, stupid question - didn't we already delete Security Essentials? Or are you referring to the Windows Live Essentials/Windows Live Sync/Windows Live update tool programs? Sorry, bit of a computer idiot here.

I just wanted to make sure the MSE was removed. Leave the other alone they are not causing any problems.

===

I don't seem to have any other issues with the computer. Do you suspect I have/had a virus? What would cause this problem with MSE all of a sudden?

We have no way of knowing what went wrong.

And should I keep using either Ccleaner or Adwcleaner?
Keep CCleaner but do not remove any Registry Items. It's too dangerous.

Keep Adwcleaner, run when you install 3rd party software to remove any unwanted programs that may be installed with these programs.
When you run the tool if prompted to get the new version please do.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 cureneeded

Posted 11 September 2015 - 10:42 AM

Hi,
 
Thanks again for the help, much appreciated. Do you mind taking a look at a few attachments of my settings for when I run Ccleaner? I never run anything from the Registry section, tools, or options. I only run from these two pages and these are the settings I use...do they look good to you?
 
Thanks


#14 nasdaq

Posted 11 September 2015 - 12:51 PM

Read and follow the instructions on this page.

http://www.howtogeek.com/113382/how-to-use-ccleaner-like-a-pro-9-tips-tricks/

#15 nasdaq

Posted 17 September 2015 - 09:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



