PDA

View Full Version : Can't connect to normal wifi network


Pmj12343
2015-10-28, 00:15
A few days ago I received a message from Windows Defender that malware was detected and I immediately hit to have it cleaned up. It was SoftwareBundler:Win32/Techsnab and BrowserModifier:Win32/Diplugem. It says it got rid of them and the program seems to know many of its effects and aliases, according to research done on my iPhone. However, I think the effects remain, despite multiple Windows Security-type & Spybot & Revo Uninstaller & general manual scans and "fixes". Not to mention recovery points and setting many of my internet options to default. Ever since I got that malware message, I have not been able to connect to my home wifi network, only able to temporarily connect to my neighbor's with a very weak signal which also falls out of connection every few minutes. This has happened once before due to something called ProtectIO presumably, but seemed to go away after multiple wire reconnections after a few days, but not yet in this case. Please help.

While writing this, Windows Defender again detected and erased Diplugem while I had gmail open.

Faber Tool Files (I've used this program once before but am not really sure how to use it)

12393

12394
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Paige (administrator) on WINDOWS-LH3RM1K (05-08-2015 21:31:36)
Running from C:\Users\Paige\Downloads
Loaded Profiles: Paige (Available Profiles: Paige)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SecureSoft) C:\Windows\mlwps.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Paige\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Flvto Youtube Downloader] => "C:\Users\Paige\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe" /minimize
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [Dropbox Update] => C:\Users\Paige\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Paige\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2015-04-25] (Leader Technologies)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paige\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1680917060-3121241294-2322712074-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1680917060-3121241294-2322712074-1002] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1680917060-3121241294-2322712074-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.protectedio.com/?u=31d17213b455f60b7a0561a413c927e5&c=p1&src=hp&inst=1438395593
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^S11849^us&si=downloadzipfree&ptb=482AD62C-39F6-4AD4-A784-759CD985F4CA&ind=2014122020&n=780d1024&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=31d17213b455f60b7a0561a413c927e5&c=p1&src=srch&inst=1438395593
BHO: DeealEExpreSss -> {203E97AC-9562-4A53-AB67-7E93186F6413} -> C:\Program Files (x86)\DeealEExpreSss\TXUtNNMGfxDe4g.x64.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: DealEExPReses -> {B66B6D60-2BEF-4659-A212-700920CA9EAA} -> C:\Program Files (x86)\DealEExPReses\7T9fH9hNcme5Zo.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: DeealEExpreSss -> {203E97AC-9562-4A53-AB67-7E93186F6413} -> C:\Program Files (x86)\DeealEExpreSss\TXUtNNMGfxDe4g.dll No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: DealEExPReses -> {B66B6D60-2BEF-4659-A212-700920CA9EAA} -> C:\Program Files (x86)\DealEExPReses\7T9fH9hNcme5Zo.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1680917060-3121241294-2322712074-1002 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ADCB248E-0C04-4621-9A64-CCFDB7FC90B2}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\aiqy4c7q.default
FF NewTab: https://search.protectedio.com/?u=31d17213b455f60b7a0561a413c927e5&c=p1&src=hp&inst=1438395593
FF DefaultSearchEngine.US: Google encrypted
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\aiqy4c7q.default\searchplugins\google-encrypted.xml [2015-07-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink)
R2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-16] () [File not signed]
R2 Live Malware Protection; C:\windows\mlwps.exe [242688 2015-07-19] (SecureSoft) [File not signed] <==== ATTENTION
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-07-22] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 Broad Fortune; "C:\Program Files (x86)\Broad Fortune\Broad Fortune.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Mammoth Resort; "C:\Program Files (x86)\Mammoth Resort\Mammoth Resort.exe" [X]
S2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [X]
S2 Mortified Whole; "C:\Program Files (x86)\Mortified Whole\Mortified Whole.exe" [X]
S2 Update DigiHelp; "C:\Program Files (x86)\DigiHelp\updateDigiHelp.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 21:31 - 2015-08-05 21:32 - 00020206 _____ C:\Users\Paige\Downloads\FRST.txt
2015-08-05 21:31 - 2015-08-05 21:31 - 00000000 ____D C:\FRST
2015-08-05 21:30 - 2015-08-05 21:30 - 02169856 _____ (Farbar) C:\Users\Paige\Downloads\FRST64.exe
2015-08-04 21:02 - 2015-08-05 17:31 - 00004998 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WINDOWS-LH3RM1K-Paige WINDOWS-LH3RM1K
2015-08-04 20:58 - 2015-08-04 20:58 - 00000000 ___RD C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-03 18:38 - 2015-08-03 18:38 - 00000000 ____D C:\Users\Paige\AppData\Local\Macromedia
2015-08-03 18:28 - 2015-08-05 20:36 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-03 18:28 - 2015-08-03 18:28 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-03 18:27 - 2015-08-03 18:28 - 00000000 ____D C:\Users\Paige\AppData\Local\Adobe
2015-08-02 17:41 - 2015-08-02 17:41 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-02 17:41 - 2015-08-02 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-02 17:40 - 2015-08-02 17:41 - 00000000 ____D C:\Program Files\iTunes
2015-08-02 17:40 - 2015-08-02 17:40 - 00000000 ____D C:\Program Files\iPod
2015-08-02 17:40 - 2015-08-02 17:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-01 13:25 - 2015-08-01 13:25 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-01 13:25 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-31 21:44 - 2015-07-31 21:44 - 00032758 _____ C:\ProgramData\1438397003.bdinstall.bin
2015-07-31 01:01 - 2015-07-25 08:34 - 01084928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-30 17:12 - 2015-07-30 17:12 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-28 13:07 - 2015-07-28 12:59 - 00451043 ____R C:\windows\system32\Drivers\etc\hosts.20150728-130740.backup
2015-07-28 12:59 - 2015-07-22 12:21 - 00451923 _____ C:\windows\system32\Drivers\etc\hosts.20150728-125900.backup
2015-07-24 01:22 - 2015-07-30 17:13 - 00003628 _____ C:\windows\System32\Tasks\Audio Security Viewer
2015-07-22 20:39 - 2015-07-22 20:39 - 00000000 ____D C:\Program Files (x86)\IT Viewer
2015-07-22 18:17 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-22 18:17 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-22 18:17 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-22 18:17 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-22 18:17 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-22 18:17 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-22 18:17 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-22 18:11 - 2015-07-24 01:21 - 00001186 _____ C:\Users\Paige\Desktop\Dropbox.lnk
2015-07-21 23:15 - 2015-07-21 23:15 - 00527423 _____ ( ) C:\Users\Paige\Downloads\Lame_v3.99.3_for_Windows.exe
2015-07-21 23:15 - 2015-07-21 23:15 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-07-21 23:12 - 2015-07-21 23:12 - 01200163 _____ C:\Users\Paige\Downloads\7zip.exe
2015-07-21 22:38 - 2015-07-21 22:38 - 05272364 _____ (Recisio ) C:\Users\Paige\Downloads\karafunplayer_1.20.86.exe
2015-07-21 22:32 - 2015-07-21 22:32 - 15456623 _____ (Recisio ) C:\Users\Paige\Downloads\karafunplayer_2.2.6.224 (1).exe
2015-07-21 21:34 - 2015-07-21 21:35 - 15456623 _____ (Recisio ) C:\Users\Paige\Downloads\karafunplayer_2.2.6.224.exe
2015-07-21 21:21 - 2015-07-21 23:55 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Audacity
2015-07-21 21:19 - 2015-07-21 21:21 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-07-21 21:19 - 2015-07-21 21:19 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-07-21 21:19 - 2015-07-21 21:19 - 00001025 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-07-21 21:11 - 2015-07-21 21:11 - 25186399 _____ (Audacity Team ) C:\Users\Paige\Downloads\audacity-win-2.1.1.exe
2015-07-21 17:03 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-07-21 17:03 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-07-21 17:03 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-07-21 17:03 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-07-21 17:03 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-07-21 17:03 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
2015-07-21 17:03 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
2015-07-21 17:03 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-21 17:03 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-21 17:03 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-07-21 17:03 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-07-21 17:03 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-07-21 17:03 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2015-07-21 17:03 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-07-21 17:03 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys
2015-07-21 17:03 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys
2015-07-21 17:03 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys
2015-07-21 17:03 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys
2015-07-21 17:03 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys
2015-07-21 17:03 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2015-07-21 17:02 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-07-21 17:02 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
2015-07-21 17:02 - 2015-05-01 18:33 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-07-21 17:02 - 2015-04-28 08:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
2015-07-21 17:02 - 2015-04-28 08:13 - 00513480 _____ C:\windows\system32\locale.nls
2015-07-21 17:02 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-07-21 17:02 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-07-21 16:37 - 2015-07-14 09:14 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-21 16:37 - 2015-07-14 09:14 - 00301056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-21 16:37 - 2015-07-14 09:14 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-21 16:37 - 2015-07-14 09:13 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-20 19:49 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2015-07-20 19:49 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-20 18:36 - 2015-07-20 18:36 - 00000000 ____D C:\Users\Paige\Downloads\2
2015-07-20 18:35 - 2015-07-20 18:36 - 00000000 ____D C:\Users\Paige\Downloads\3last
2015-07-20 18:34 - 2015-07-20 18:34 - 01132925 _____ C:\Users\Paige\Downloads\3last.zip
2015-07-20 18:34 - 2015-07-20 18:34 - 01129736 _____ C:\Users\Paige\Downloads\2.zip
2015-07-19 20:37 - 2015-07-19 20:37 - 00803840 _____ C:\Users\Paige\AppData\Roaming\EA28.tmp.exe
2015-07-19 20:37 - 2015-07-19 20:37 - 00242688 _____ (SecureSoft) C:\windows\mlwps.exe
2015-07-19 20:37 - 2015-07-19 20:37 - 00003346 _____ C:\windows\System32\Tasks\Malware Cleaner
2015-07-19 20:37 - 2015-07-19 20:37 - 00003284 _____ C:\windows\System32\Tasks\Security Software
2015-07-19 20:37 - 2015-07-19 20:37 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Updater
2015-07-19 20:37 - 2015-07-19 20:37 - 00000000 _____ C:\Users\Paige\AppData\Roaming\EA28.tmp
2015-07-19 20:36 - 2015-07-19 20:36 - 00000000 ____D C:\Users\Paige\Downloads\Bret Easton Ellis 7 books epub
2015-07-19 20:35 - 2015-07-19 20:35 - 00093138 _____ C:\Users\Paige\Downloads\Bret Easton Ellis 7 books epub .zip
2015-07-15 10:48 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-15 10:48 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-15 10:48 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-15 10:48 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-15 10:48 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-15 10:48 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-15 10:48 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:48 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-15 10:48 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-07-15 10:48 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-15 10:48 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-15 10:48 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-07-15 10:48 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-15 10:48 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-15 10:47 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-15 10:47 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-15 10:47 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-15 10:47 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-15 10:47 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-15 10:47 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-07-15 10:47 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-15 10:47 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-15 10:47 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-15 10:47 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-15 10:47 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-15 10:47 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-15 10:47 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-15 10:47 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-15 10:47 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-15 10:47 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-15 10:47 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-07-15 10:47 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-07-15 10:47 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-07-15 10:46 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-15 10:46 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-15 10:46 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-15 10:46 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-15 10:46 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-15 10:46 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-15 10:45 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-15 10:45 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-15 10:45 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-15 10:45 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-15 10:45 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-07-15 10:45 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-15 10:45 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-15 10:45 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-07-15 10:45 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-15 10:45 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-07-15 10:45 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-07-15 10:45 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-15 10:45 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-15 10:45 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-07-15 10:45 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-15 10:45 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-15 10:45 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-15 10:45 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-15 10:45 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-15 10:45 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-15 10:45 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-07-15 10:45 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-15 10:45 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-15 10:45 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-07-15 10:45 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-15 10:45 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-07-15 10:45 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-07-15 10:45 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-15 10:45 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-15 10:45 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-15 10:45 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-07-15 10:45 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-15 10:45 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-15 10:43 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-15 10:43 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-15 10:43 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-15 10:43 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-15 10:43 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-07-15 10:42 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-15 10:42 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-15 10:41 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-15 10:41 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-15 10:41 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-15 10:41 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-15 10:41 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-15 10:41 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-15 10:41 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-15 10:41 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-10 08:39 - 2015-07-28 18:28 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 21:10 - 2015-06-17 15:59 - 00000950 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002UA.job
2015-08-05 21:10 - 2014-11-24 10:59 - 01141331 _____ C:\windows\WindowsUpdate.log
2015-08-05 21:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-05 20:43 - 2014-12-05 17:07 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1680917060-3121241294-2322712074-1002
2015-08-05 20:38 - 2015-05-10 23:09 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-05 20:38 - 2015-05-10 23:09 - 00001116 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-05 19:47 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-05 16:10 - 2015-06-17 15:59 - 00000898 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002Core.job
2015-08-05 12:51 - 2014-12-30 18:51 - 02681344 ___SH C:\Users\Paige\Desktop\Thumbs.db
2015-08-05 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-08-04 21:07 - 2014-12-20 19:00 - 00000000 ____D C:\Users\Paige\AppData\Local\CrashDumps
2015-08-04 21:00 - 2014-11-24 11:00 - 01526656 _____ C:\windows\SysWOW64\rootpa.e2e
2015-08-04 20:59 - 2014-12-20 17:31 - 00000000 ___RD C:\Users\Paige\Dropbox
2015-08-04 20:59 - 2014-12-20 17:27 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Dropbox
2015-08-04 20:59 - 2014-11-24 12:08 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-04 20:57 - 2014-12-21 11:51 - 00000000 __RDO C:\Users\Paige\OneDrive
2015-08-04 20:57 - 2014-12-05 17:01 - 00000000 ____D C:\Users\Paige
2015-08-04 20:57 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-04 20:56 - 2014-11-24 12:53 - 00163022 _____ C:\windows\PFRO.log
2015-08-04 20:56 - 2013-08-22 09:46 - 00017329 _____ C:\windows\setupact.log
2015-08-04 20:51 - 2014-12-25 23:57 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Skype
2015-08-03 12:36 - 2015-02-07 17:04 - 00065024 ___SH C:\Users\Paige\Downloads\Thumbs.db
2015-08-02 19:16 - 2014-12-20 19:51 - 00000000 ____D C:\ProgramData\WindSolutions
2015-08-02 17:40 - 2014-12-20 18:07 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-02 17:40 - 2014-12-20 18:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-01 13:25 - 2015-02-28 00:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-01 11:52 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-31 23:39 - 2013-08-22 08:25 - 00524288 ___SH C:\windows\system32\config\BBI
2015-07-31 23:38 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-07-31 23:36 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-07-31 01:26 - 2015-02-15 18:22 - 00000000 ____D C:\Users\Paige\Desktop\Engs
2015-07-30 17:09 - 2015-07-05 11:59 - 00000020 _____ C:\Users\Paige\AppData\Roaming\appdataFr2.bin
2015-07-28 18:49 - 2014-11-24 10:45 - 00000000 ____D C:\windows\Panther
2015-07-28 13:19 - 2015-04-04 17:37 - 00000000 ___SD C:\windows\system32\GWX
2015-07-23 16:37 - 2014-12-05 17:03 - 00000000 ____D C:\Users\Paige\Documents\Bluetooth Folder
2015-07-22 18:03 - 2014-12-21 20:06 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-22 18:03 - 2014-12-21 20:06 - 00000000 ____D C:\windows\system32\appraiser
2015-07-21 22:26 - 2013-08-22 09:44 - 00499552 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-21 22:21 - 2015-04-04 17:37 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-21 22:21 - 2014-12-21 11:33 - 00000000 ____D C:\windows\system32\MRT
2015-07-21 21:15 - 2014-12-20 19:51 - 00000000 ____D C:\Users\Paige\AppData\Roaming\WindSolutions
2015-07-21 21:10 - 2014-12-20 19:51 - 00001393 _____ C:\Users\Paige\Desktop\CopyTrans Control Center.lnk
2015-07-21 21:10 - 2014-12-20 19:51 - 00000000 ____D C:\Users\Paige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-07-19 14:54 - 2014-12-25 23:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-19 14:54 - 2014-12-25 23:56 - 00000000 ____D C:\ProgramData\Skype
2015-07-18 19:24 - 2014-12-21 13:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 16:05 - 2015-06-17 15:59 - 00003896 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002UA
2015-07-17 16:05 - 2015-06-17 15:59 - 00003516 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1680917060-3121241294-2322712074-1002Core
2015-07-15 14:55 - 2014-12-21 13:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-15 14:50 - 2013-08-22 08:25 - 00000269 _____ C:\windows\win.ini
2015-07-13 16:10 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 16:28 - 2014-12-05 17:02 - 00000000 ____D C:\Users\Paige\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-07-05 11:59 - 2015-07-30 17:09 - 0000020 _____ () C:\Users\Paige\AppData\Roaming\appdataFr2.bin
2015-02-02 23:47 - 2015-02-07 15:58 - 0000020 _____ () C:\Users\Paige\AppData\Roaming\appdataFr3.bin
2015-07-19 20:37 - 2015-07-19 20:37 - 0000000 _____ () C:\Users\Paige\AppData\Roaming\EA28.tmp
2015-07-19 20:37 - 2015-07-19 20:37 - 0803840 _____ () C:\Users\Paige\AppData\Roaming\EA28.tmp.exe
2015-02-18 21:56 - 2015-02-18 21:56 - 0000043 _____ () C:\Users\Paige\AppData\Roaming\WB.CFG
2014-12-20 18:53 - 2014-12-20 18:53 - 0000064 _____ () C:\Users\Paige\AppData\Local\ec8f4072e20c2c8b6706d1c6e5294e3d
2015-02-26 22:31 - 2015-02-26 22:31 - 0336332 _____ () C:\ProgramData\1425007655.bdinstall.bin
2015-02-26 22:31 - 2015-02-26 22:31 - 0049287 _____ () C:\ProgramData\1425007854.bdinstall.bin
2015-07-31 21:44 - 2015-07-31 21:44 - 0032758 _____ () C:\ProgramData\1438397003.bdinstall.bin
2014-11-24 12:56 - 2014-11-24 12:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-24 12:07 - 2014-11-24 12:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-11-24 11:58 - 2014-11-24 11:59 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-11-24 12:00 - 2014-11-24 12:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-11-24 12:03 - 2014-11-24 12:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-11-24 11:57 - 2014-11-24 11:58 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Paige\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf7dlr2.dll
C:\Users\Paige\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzt8eqk.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-28 17:56

==================== End of log ============================
tashi
2015-10-28, 04:38
Hello Pmj12343,


. This has happened once before due to something called ProtectIO presumably, but seemed to go away after multiple wire reconnections after a few days, but not yet in this case.

What happened here please. :) ProtectedIO: https://forums.spybot.info/showthread.php?72565-ProtectedIO&highlight=

The topic was closed in August due to lack of a response to the volunteer helper.

Best regards.
Pmj12343
2015-10-28, 23:54
But how do I use the Farbar tool in this instance? What do I paste into a fixlog? I already did whats in the other thread but its irrelevent now.
tashi
2015-10-28, 23:58
Hello Pmj12343,

I copy pasted your Farbar Recovery Scan Tool (FRST) log into this topic yesterday. :)

Please let us know why your original topic was abandoned, did another computer issue occur? Thanks.

Best regards.
Pmj12343
2015-10-29, 19:40
Hello Pmj12343,

I copy pasted your Farbar Recovery Scan Tool (FRST) log into this topic yesterday. :)

Please let us know why your original topic was abandoned, did another computer issue occur? Thanks.

Best regards.



Is that different than the one I posted? What do I do with it? It never created a fixlog for me or said such must be in the same place even though it already is.

For the previous post, I'm not sure it did anything to help the internet since it had now immediate effect but a few hours later a replug of cables seemed to even though everyone elses wife never had any trouble. I didnt post back just because I forgot.
Pmj12343
2015-10-29, 19:47
And that tutorial link doesnt work right. All i see are adds and disorganized titles/logos
Dakeyras
2015-10-29, 22:12
Hi Pmj12343 and welcome to Safer Networking. :)

All prior posts in this topic are acknowledged...

Do you a USB drive and access to another machine we can use to download some tools and in turn transfer them to your infected one ?
Pmj12343
2015-10-30, 04:51
Yes I do
Dakeyras
2015-10-30, 22:26
Hi. :)


Yes I do
Good, I think it prudent we secure both the USB drive and other machine to err on the side of caution in-case we need to employ this methodology more than once.

Download/Install & Run Panda USB Vaccine:

Carry out this portion on the other machine you have access to, I am surmising it is running say Vista, W7, W8 or W10. In the event it is XP merely double click on the installer.

Please download Panda USB Vaccine from here (http://www.majorgeeks.com/Panda_USB_and_AutoRun_Vaccine_d6029.html) to the Desktop of the other machine.


Right-click on USBVaccineSetup.exe and and select Run as Administrator >> follow the prompts in the installation wizard.
At the configuration screen(settings)...
Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
Insert your USB Drive in your machine...it will be automatically vaccinated(as will any usb drives connected in the future).

Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Next:

Download the following your USB drive:


AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Registry Backup (http://www.bleepingcomputer.com/download/registry-backup/)

Now transfer both of the above to the desktop of your infected machine please.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.


Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg (http://s280.photobucket.com/user/Dakeyras_album2/media/TBRB-2.jpg.html)


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

Scan with AdwCleaner:


Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Cleaning tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
AdwCleaner Log.
Pmj12343
2015-11-02, 17:12
Before I could download everything to the flashdrive, my internet started working. Very strange again. I had done nothing immediately before this to remedy the situation. It has been days since I messed with the wires and the last Windows scan I did was a day before this. I'll let you know if it goes out again and then do the flashdrive stuff. Thanks anyway.
Dakeyras
2015-11-02, 19:53
Acknowledged, probably still be a prudent to check your machine out regardless though. So merely carry out my prior instructions when ready(merely download directly using your machine etc). :)
Dakeyras
2015-11-04, 11:29
Due to the lack of feedback this Topic is closed.