Poor choice of downloads, checking to see if there is a bad guy lurking


  • This topic is locked
4 replies to this topic

#1 Montana Mad Dog

  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana

Posted 03 December 2015 - 03:53 PM

Have a PC here that had some poorly chosen downloads (coupon printer, among others), and want to check to see if I got all the bad guys removed.  I used all the regular tools to clean it up (MBAM, Adw, JRT, among others).  Thanks in advance for taking a quick look at the FRST logs and letting me know if it is clean.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Donna (administrator) on DONNA-VAIO (03-12-2015 13:44:35)
Running from C:\Users\Donna\Downloads
Loaded Profiles: Donna (Available Profiles: Donna)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LaCrosse Technology) C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6366.15651.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-07-15] (Seagate Technology LLC)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://wpad.wildblue.com/wpad.dat
Tcpip\Parameters: [DhcpNameServer] 216.129.224.49 216.220.30.1
Tcpip\..\Interfaces\{519fb74a-65df-4473-86a4-e75b8c1fee41}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5a7f6c92-af34-4702-be94-ca2ad7a94dc1}: [DhcpNameServer] 216.129.224.49 216.220.30.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qus7.hpwis.com/
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://srch-qus7.hpwis.com/
HKU\S-1-5-21-4036412699-732968248-2536423986-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-04-13] (Symantec Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-04-13] (Symantec Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-4036412699-732968248-2536423986-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\gf06yi5q.default-1439673039651
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-24] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\gf06yi5q.default-1439673039651\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-24]
FF Extension: Adblock Plus - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\gf06yi5q.default-1439673039651\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-03]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2015-07-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2014-01-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2014-01-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2014-01-01] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\WildBlue.js [2009-06-24]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-08-31]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-08-31]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-08-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2015-08-08] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-08] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2015-02-04] (Intel Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-07-15] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-07-15] (Seagate Technology LLC)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WV5Communication; C:\Program Files (x86)\HeavyWeatherWV5\HeavyWeatherService.exe [1854464 2011-04-19] (LaCrosse Technology) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2013-02-04] ()
R3 NWWakeFilterV; C:\Windows\System32\drivers\NWWakeFilterV.sys [16632 2013-02-04] (n/a)
R2 risdsnpe; C:\Windows\System32\drivers\risdsnxc64.sys [98816 2011-06-02] (REDC)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-08-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S1 KLIM6; \SystemRoot\system32\DRIVERS\klim6.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 13:44 - 2015-12-03 13:45 - 00023252 _____ C:\Users\Donna\Downloads\FRST.txt
2015-12-03 13:44 - 2015-12-03 13:44 - 00000000 ____D C:\FRST
2015-12-03 13:43 - 2015-12-03 13:43 - 00016148 _____ C:\WINDOWS\system32\DONNA-VAIO_Donna_HistoryPrediction.bin
2015-12-03 13:29 - 2015-12-03 13:29 - 00003786 _____ C:\WINDOWS\System32\Tasks\Donna Merge
2015-12-03 13:29 - 2015-12-03 13:29 - 00003758 _____ C:\WINDOWS\System32\Tasks\Donna
2015-12-03 13:27 - 2015-12-03 13:27 - 00003592 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2015-12-03 13:27 - 2015-12-03 13:27 - 00003570 _____ C:\WINDOWS\System32\Tasks\Donna DBAgent 2 0
2015-12-03 13:27 - 2015-12-03 13:27 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Nero
2015-12-03 13:26 - 2015-12-03 13:26 - 00002178 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-12-03 13:26 - 2015-12-03 13:26 - 00000000 ____D C:\ProgramData\Nero
2015-12-03 13:26 - 2015-12-03 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-12-03 13:26 - 2015-12-03 13:26 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-12-03 13:22 - 2015-12-03 13:22 - 00000000 ____D C:\ProgramData\Seagate
2015-12-03 13:21 - 2015-12-03 13:21 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Seagate
2015-12-03 13:19 - 2015-12-03 13:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2015-12-03 13:19 - 2015-12-03 13:19 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Leadertech
2015-12-03 13:06 - 2015-12-03 13:06 - 00000324 _____ C:\Users\Donna\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Remov.URL
2015-12-03 13:05 - 2015-12-03 13:44 - 02350080 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2015-11-24 19:43 - 2015-11-24 19:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-24 18:04 - 2015-11-24 18:04 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-11-24 13:12 - 2015-11-24 13:13 - 00000000 ____D C:\Users\Donna\AppData\LocalLow\Adblock Plus for IE
2015-11-24 13:12 - 2015-11-24 13:12 - 00000000 ____D C:\Program Files\WOT
2015-11-24 13:12 - 2015-11-24 13:12 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-11-24 13:12 - 2015-11-24 13:12 - 00000000 ____D C:\Program Files (x86)\WOT
2015-11-24 12:55 - 2015-11-24 12:55 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-11-24 12:55 - 2015-11-24 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-24 12:55 - 2015-11-24 12:55 - 00000000 ____D C:\Program Files\CCleaner
2015-11-24 12:49 - 2015-11-24 12:49 - 00000000 ____D C:\Users\Donna\AppData\Local\CEF
2015-11-24 12:47 - 2015-12-03 13:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 12:44 - 2015-12-03 13:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-24 12:44 - 2015-11-24 12:44 - 00006063 _____ C:\Users\Donna\Documents\Classic Start backup.xml
2015-11-24 12:41 - 2015-12-03 13:42 - 00000000 ____D C:\Users\Donna\AppData\Local\ClassicShell
2015-11-24 12:41 - 2015-11-24 12:41 - 00002138 _____ C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-11-24 12:41 - 2015-11-24 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-11-24 12:41 - 2015-11-24 12:41 - 00000000 ____D C:\Program Files\Classic Shell
2015-11-24 12:36 - 2015-11-24 12:36 - 00000000 ____D C:\Users\Donna\AppData\Local\Apple Computer
2015-11-24 12:33 - 2015-11-24 12:33 - 00000000 ____D C:\Users\Donna\Tracing
2015-11-24 12:33 - 2015-11-24 12:33 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Apple Computer
2015-11-24 12:10 - 2015-11-24 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-24 12:09 - 2015-11-24 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-24 12:09 - 2015-11-24 12:09 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\Users\Donna\AppData\LocalLow\Apple Computer
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\Users\Donna\AppData\Local\Apple
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\ProgramData\Apple
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-11-24 12:09 - 2015-11-24 12:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-24 12:09 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-24 12:09 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-24 12:09 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-24 12:05 - 2015-11-24 12:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-24 12:05 - 2015-11-24 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-24 12:03 - 2015-11-24 12:03 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-24 12:01 - 2015-11-24 12:03 - 00000000 ____D C:\Users\Donna\.oracle_jre_usage
2015-11-24 12:01 - 2015-11-24 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-24 12:01 - 2015-11-24 12:01 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-24 12:01 - 2015-11-24 12:01 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Sun
2015-11-24 12:01 - 2015-11-24 12:01 - 00000000 ____D C:\Users\Donna\AppData\LocalLow\Sun
2015-11-24 12:00 - 2015-11-24 12:00 - 00000000 ____D C:\Users\Donna\AppData\LocalLow\Oracle
2015-11-24 12:00 - 2015-11-24 12:00 - 00000000 ____D C:\ProgramData\Oracle
2015-11-12 22:55 - 2015-11-12 22:55 - 00289216 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2015-11-12 22:55 - 2015-11-12 22:55 - 00247744 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 13:44 - 2015-07-10 02:05 - 00000000 ____D C:\Windows
2015-12-03 13:42 - 2015-08-08 19:37 - 00000000 ____D C:\Users\Donna
2015-12-03 13:26 - 2015-07-10 04:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-03 13:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-03 13:24 - 2015-08-09 02:37 - 00000000 ____D C:\Users\Donna\AppData\Local\Packages
2015-12-03 13:23 - 2015-07-10 03:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-03 13:19 - 2015-08-08 19:36 - 01009818 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-03 13:19 - 2015-07-10 04:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-03 13:18 - 2014-07-31 13:53 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{04EE075D-A6D0-4288-B474-C9E5912CB5F2}
2015-12-03 13:14 - 2015-07-10 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-03 13:14 - 2015-07-10 02:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 21:01 - 2015-08-15 06:04 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-24 21:01 - 2015-07-10 05:20 - 00337984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-24 20:57 - 2012-04-24 05:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 19:44 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-24 18:04 - 2011-11-19 20:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-24 14:59 - 2015-08-08 21:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-24 13:45 - 2011-11-19 16:06 - 00000000 ____D C:\WINDOWS\pss
2015-11-24 13:44 - 2011-11-19 21:51 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Skype
2015-11-24 13:41 - 2011-08-14 00:54 - 00000000 ____D C:\Program Files (x86)\DDNi
2015-11-24 13:39 - 2015-09-12 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-24 13:39 - 2011-08-14 00:32 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-24 13:39 - 2011-08-14 00:31 - 00000000 ____D C:\Program Files\Java
2015-11-24 13:21 - 2011-11-20 14:57 - 00000000 ____D C:\Users\Donna\AppData\Local\CrashDumps
2015-11-24 12:59 - 2014-10-12 15:30 - 00000000 ____D C:\Users\Donna\AppData\Local\Adobe
2015-11-24 12:56 - 2011-11-19 21:18 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-24 12:55 - 2013-05-10 10:57 - 00000000 __SHD C:\Users\Donna\UserData
2015-11-24 12:48 - 2014-12-23 10:27 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-24 12:47 - 2011-08-14 01:05 - 00000000 ____D C:\ProgramData\Adobe
2015-11-24 12:47 - 2011-08-14 01:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-24 12:33 - 2015-08-09 02:41 - 00002334 _____ C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-24 12:33 - 2015-08-09 02:41 - 00000000 ___RD C:\Users\Donna\OneDrive
2015-11-24 12:31 - 2012-05-13 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-24 12:19 - 2012-05-21 12:01 - 00000021 _____ C:\WINDOWS\Model.txt
2015-11-24 12:09 - 2011-11-20 16:48 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-24 12:05 - 2011-08-14 01:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-24 12:03 - 2011-11-20 18:08 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-24 12:03 - 2011-08-14 00:31 - 00326752 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-11-24 12:03 - 2011-08-14 00:31 - 00206944 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-11-24 12:03 - 2011-08-14 00:31 - 00206944 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-11-24 12:01 - 2011-08-14 00:32 - 00278624 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-11-24 12:01 - 2011-08-14 00:32 - 00191584 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-11-24 12:01 - 2011-08-14 00:32 - 00191072 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

==================== Files in the root of some directories =======

2015-03-08 18:38 - 2015-03-08 18:38 - 0000479 _____ () C:\Program Files (x86)\0308201519382631.bat
2011-11-20 22:53 - 2011-11-20 22:53 - 0026379 _____ () C:\Users\Donna\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-01-01 13:14 - 2014-01-01 13:14 - 0017408 _____ () C:\Users\Donna\AppData\Local\WebpageIcons.db
2011-12-30 21:30 - 2015-05-29 18:30 - 0001042 _____ () C:\ProgramData\currdat.lst
2011-12-19 12:35 - 2015-05-29 18:30 - 0001042 _____ () C:\ProgramData\currdat.lst.tmp
2015-08-08 19:33 - 2015-08-08 19:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-11-19 21:53 - 2011-11-19 21:53 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-12-19 12:31 - 2011-12-19 12:31 - 10485760 _____ () C:\ProgramData\WV5DataStore

Files to move or delete:
====================
C:\Users\Donna\hpothb07.dat
C:\Users\Public\hpothb07.dat


Some files in TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\GLFD3F7.EXE
C:\Users\Donna\AppData\Local\Temp\GLFDA22.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-03 13:43

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:43 PM

Posted 04 December 2015 - 11:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
R2 iprip; C:\Windows\System32\iprip.dll [35328 2015-08-08] (Microsoft Corporation)
U3 idsvc; no ImagePath
S1 KLIM6; \SystemRoot\system32\DRIVERS\klim6.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {1BA56C8F-D051-4564-91BD-7A74C74189F2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4269F1D3-59C2-401A-88E6-BD1B335860C2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5ED02194-A5C1-4306-8F1E-9BA851336C4B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6EEC5E93-74C3-4EE2-A631-462B37240FC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7CF1CCA6-F6E7-410C-9205-77FFB154A74A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {927B7C85-7ABA-4607-A70A-2936A0C42C39} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {990A52C9-F974-40C6-9AF2-5303BE9A8899} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9E3D0E36-9CBF-484D-A970-C7D61AB94D5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A82BECB3-4B04-4019-B525-B40D5244592A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D019FFC7-1232-445C-9789-5A0196C770E2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FDDDA4C7-04FB-4D8B-BB84-24F840C55C33} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Users\Donna\AppData\Local\Temp\GLFD3F7.EXE
C:\Users\Donna\AppData\Local\Temp\GLFDA22.EXE


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:07:43 PM

Posted 04 December 2015 - 12:53 PM

Running well!  Thanks nasdaq!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:43 PM

Posted 05 December 2015 - 07:55 AM

Glad we could help.


If all is well, to learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:43 PM

Posted 11 December 2015 - 10:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



