
computer not working correctly, Slow and had to restart in safe mode


  • This topic is locked
7 replies to this topic

#1 richardnml

richardnml

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:34 AM

Posted 07 October 2015 - 10:25 PM

Ran HijackThis, here is the report:

 

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\22.5.4.24\NIS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\susan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\22.5.4.24\NIS.exe

--
End of file - 3346 bytes
 


Edited by Queen-Evie, 08 October 2015 - 08:14 AM.
moved from Windows 7 to Malware Removal Logs. HJT and FRST logs are allowed only in MRL forum



 


#2 richardnml

richardnml
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:34 AM

Posted 07 October 2015 - 11:35 PM

Additional information from Farbar Recovery Scan Tool:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-10-2015
Ran by susan (2015-10-08 00:25:31)
Running from C:\Users\susan\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-10-01 01:26:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3439275630-3903134352-3991251003-500 - Administrator - Disabled)
Guest (S-1-5-21-3439275630-3903134352-3991251003-501 - Limited - Disabled)
susan (S-1-5-21-3439275630-3903134352-3991251003-1000 - Administrator - Enabled) => C:\Users\susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
Norton Internet Security (HKLM\...\NIS) (Version: 22.5.4.24 - Symantec Corporation)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-08-2015 22:45:28 Scheduled Checkpoint
20-08-2015 08:46:40 Windows Update
28-08-2015 11:12:04 Scheduled Checkpoint
04-09-2015 22:51:44 Scheduled Checkpoint
10-09-2015 08:59:45 Windows Update
17-09-2015 19:18:54 Scheduled Checkpoint
20-09-2015 20:24:22 Installed Sophos Virus Removal Tool.
04-10-2015 11:36:54 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-10-07 22:21 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04BBEE51-C2A7-4253-8842-B80609707D6B} - System32\Tasks\{EC5A7B44-9BE7-4186-B0B1-5C088EEFD733} => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\uiStub.exe
Task: {135DBF12-9721-40D9-830D-492CC50EA007} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {1DA01F3C-26E4-480D-8EFE-BF0F0C48949D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {22C5D29B-CE87-41FA-B19C-D231F13EA086} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {3866639A-FBD6-4FDA-B2CD-62F936C112AE} - System32\Tasks\{53D94067-A45D-4EF3-98D6-994B0563257B} => C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
Task: {7DD5F46A-F6A0-45C9-B125-A62D6F20063B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {8B988C37-C28B-4331-B231-F9FF85A9DC9F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {F06113BC-C13E-435D-B49D-61EDBD49B034} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 15751 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3439275630-3903134352-3991251003-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe -update activex
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{66088DC5-61C4-4A58-812C-E3457ECF42B8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51D67321-9C71-4E36-B0D8-677E4585B565}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8C884619-F475-4437-A210-7C9122231342}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FEF0FC72-CC85-4C7C-8BBE-F7A1E5A6841D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2015 12:21:24 AM) (Source: MsiInstaller) (EventID: 11606) (User: susan-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (10/08/2015 12:21:23 AM) (Source: MsiInstaller) (EventID: 11606) (User: susan-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (10/07/2015 10:39:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 10:24:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 10:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 04:09:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 06:21:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 11:09:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 09:17:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 07:00:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/08/2015 12:21:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/07/2015 10:00:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/07/2015 09:59:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz
Percentage of memory in use: 34%
Total physical RAM: 3535.92 MB
Available physical RAM: 2330.24 MB
Total Virtual: 7070.15 MB
Available Virtual: 5845.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:195.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 754A02D5)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#3 richardnml

richardnml
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:34 AM

Posted 07 October 2015 - 11:43 PM

Still more from Farbar recovery tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-10-2015
Ran by susan (administrator) on SUSAN-PC (08-10-2015 00:25:02)
Running from C:\Users\susan\Downloads
Loaded Profiles: susan (Available Profiles: susan)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{910A7A22-FA3A-431E-813C-777B8A42CA1F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-3439275630-3903134352-3991251003-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3439275630-3903134352-3991251003-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
IE Session Restore: HKU\S-1-5-21-3439275630-3903134352-3991251003-1000 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\susan\AppData\Roaming\Mozilla\Firefox\Profiles\5t99hpb6.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-10-07]

Chrome:
=======
CHR Profile: C:\Users\susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-23]
CHR Extension: (Norton Identity Safe) - C:\Users\susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-01]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151005.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1605040.018\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-08-27] (Symantec Corporation)
U3 EraserUtilDrv11511; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [122192 2015-08-27] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151007.001\IDSvix86.sys [582376 2015-09-22] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151007.001\NAVENG.SYS [104440 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151007.001\NAVEX15.SYS [1645432 2015-05-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1605040.018\SRTSP.SYS [713960 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1605040.018\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NIS\1605040.018\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1605040.018\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1605040.018\SYMNETS.SYS [431328 2015-09-23] (Symantec Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 00:25 - 2015-10-08 00:25 - 00009158 _____ C:\Users\susan\Downloads\FRST.txt
2015-10-08 00:24 - 2015-10-08 00:25 - 00000000 ____D C:\FRST
2015-10-08 00:24 - 2015-10-08 00:24 - 01697792 _____ (Farbar) C:\Users\susan\Downloads\frst.exe
2015-10-07 23:47 - 2015-10-07 23:47 - 00899072 _____ (Farbar) C:\Users\susan\Downloads\FSS.exe
2015-10-07 22:54 - 2015-10-07 22:58 - 00000000 ____D C:\Users\susan\Documents\Hijack this log files 10.07.15
2015-10-07 22:40 - 2015-10-07 22:40 - 06677440 _____ (Piriform Ltd) C:\Users\susan\Downloads\ccsetup510.exe
2015-10-07 22:38 - 2015-10-07 22:38 - 00058016 _____ C:\Users\susan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-07 22:21 - 2015-09-20 18:44 - 00450771 _____ C:\Windows\system32\Drivers\etc\hosts.20151007-222145.backup
2015-09-25 19:55 - 2015-09-25 19:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-25 19:54 - 2015-09-25 19:54 - 00000000 ____D C:\Users\susan\AppData\Roaming\Sun
2015-09-25 19:54 - 2015-09-25 19:54 - 00000000 ____D C:\Users\susan\.oracle_jre_usage
2015-09-25 19:53 - 2015-09-25 19:53 - 00000000 ____D C:\Users\susan\AppData\LocalLow\Oracle
2015-09-22 22:05 - 2015-10-07 21:58 - 00002664 _____ C:\Windows\PFRO.log
2015-09-22 14:14 - 2015-10-07 23:33 - 00502804 _____ C:\Windows\WindowsUpdate.log
2015-09-22 14:12 - 2015-10-07 22:37 - 00002778 _____ C:\Windows\setupact.log
2015-09-22 14:12 - 2015-09-22 14:12 - 00267016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-22 14:12 - 2015-09-22 14:12 - 00000000 _____ C:\Windows\setuperr.log
2015-09-20 20:25 - 2015-09-20 20:25 - 00000000 ____D C:\ProgramData\Sophos
2015-09-20 20:24 - 2015-09-20 20:24 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-09-20 20:24 - 2015-09-20 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-20 20:24 - 2015-09-20 20:24 - 00000000 ____D C:\Program Files\Sophos
2015-09-20 20:19 - 2015-09-20 20:23 - 133575480 _____ (Sophos Limited) C:\Users\susan\Downloads\Sophos Virus Removal Tool.exe
2015-09-20 18:40 - 2015-09-20 18:41 - 06667640 _____ (Piriform Ltd) C:\Users\susan\Downloads\ccsetup509.exe
2015-09-09 07:47 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 07:47 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:47 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 07:47 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 07:47 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 07:47 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:47 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:47 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 07:47 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 07:47 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 07:47 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 07:47 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 07:47 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 07:47 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 07:47 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 07:46 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 07:46 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 07:46 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 07:46 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 07:46 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 07:46 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 07:46 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 07:46 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 07:46 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 07:46 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 07:46 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 07:46 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 07:46 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 07:46 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 07:46 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 07:46 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:46 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 07:46 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 07:46 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 07:46 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 07:46 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:46 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 07:46 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 07:46 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 07:46 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:46 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 07:46 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 07:46 - 2015-08-15 01:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 07:46 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 07:46 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 07:46 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 07:46 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 07:46 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 07:46 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 07:46 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 07:46 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:46 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 07:46 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 07:46 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 07:46 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 07:46 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 07:46 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 07:46 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 07:46 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 00:17 - 2014-10-01 10:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-08 00:01 - 2009-07-14 00:34 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-08 00:01 - 2009-07-14 00:34 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-07 23:56 - 2014-10-01 10:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 22:48 - 2014-09-30 21:26 - 00000000 ____D C:\Users\susan\AppData\Local\VirtualStore
2015-10-07 22:42 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-07 22:41 - 2014-10-01 10:17 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-07 22:41 - 2014-10-01 10:17 - 00000000 ____D C:\Program Files\CCleaner
2015-10-07 22:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 17:27 - 2014-10-25 09:46 - 00000000 ____D C:\Users\susan\AppData\Local\CrashDumps
2015-10-02 09:04 - 2015-07-23 17:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-10-02 09:04 - 2014-09-30 22:15 - 00002341 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-10-02 09:04 - 2014-09-30 22:14 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2015-09-29 19:27 - 2014-11-17 15:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-29 14:25 - 2015-01-02 15:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-26 10:19 - 2014-10-01 10:35 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 19:55 - 2015-04-15 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-25 19:55 - 2015-04-15 14:57 - 00000000 ____D C:\Program Files\Java
2015-09-25 19:55 - 2014-10-01 12:27 - 00000000 ____D C:\ProgramData\Oracle
2015-09-25 19:54 - 2015-04-15 14:58 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-25 19:54 - 2014-09-30 21:26 - 00000000 ____D C:\Users\susan
2015-09-23 09:06 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-09-22 22:05 - 2015-02-24 09:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 14:13 - 2014-09-30 21:58 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 14:13 - 2014-09-30 21:58 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 14:08 - 2014-10-01 10:18 - 00000000 ____D C:\Users\susan\Documents\CCleaner registry cleans
2015-09-11 11:14 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-10 14:55 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-10 13:21 - 2014-10-01 10:34 - 00000000 ____D C:\Users\susan\AppData\Local\Google
2015-09-10 09:23 - 2011-04-11 22:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 09:06 - 2014-10-03 17:12 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-10-01 00:34 - 2014-10-01 00:34 - 0000045 _____ () C:\Users\susan\AppData\Roaming\WB.CFG

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-04 10:45

==================== End of FRST.txt ============================



#4 dc3

Posted 08 October 2015 - 08:11 AM

You can not use these tools in the Windows forums. A Moderator will move this topic to the appropriate forum.

Install Ccleaner - Scan cleaner and registry

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
 
Why you should not use Registry Cleaners and Optimization Tools
 
There are numerous programs which purport to improve system performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization and registry cleaning features alongside anti-malware capabilities. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. There is no statistical evidence to back such claims. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

#5 Queen-Evie

Posted 08 October 2015 - 08:25 AM

Do NOT follow the directions given by deejhayvinz

You posted your logs in Windows 7 and you can see it has been moved to Malware Removal Logs. My edit in your first post will tell you why. After moving it here to MRL, his reply and yours to him were deleted.

Please wait for a member of the Malware Removal Team to help you.

Edited by Queen-Evie, 08 October 2015 - 08:27 AM.


#6 richardnml

Posted 08 October 2015 - 08:36 AM

Thank you for the assistance and guidance, I am a new member of Bleeping Computer, I understand what you are saying. I already ran CCleaner, I am familiar with the program. Hopefully I have not exacerbated my issue....

I did keep a log of any registry changes that CCleaner made. The chkdsk /f/r did not run.

I have not run ADWare



#7 HelpBot

Posted 12 October 2015 - 10:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/592843 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#8 HelpBot

Posted 17 October 2015 - 10:35 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



