Thread: Browser redirects

  1. #1
    Member (Join Date: Nov 2007, Posts: 56)

    Browser redirects

    A little background. This was my son's computer and he was having troubles with it for a while. He has since joined the Navy, so I naturally took his laptop and tried to clean it as best I could. I was forever getting different redirects in IE, most of them to fake Adobe Flash Player update sites. After getting sick of seeing this about every 5 minutes, I completely wiped it out and re-installed Windows 7. Even after a fresh install, I am still getting browser redirects, some to the fake Adobe site and others suggesting that my computer is infected. Here are my scans; it looks like I may have an issue...:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
    Ran by Eric (administrator) on ERIC-PC (20-12-2018 18:34:10)
    Running from C:\Users\Eric\Desktop
    Loaded Profiles: Eric (Available Profiles: Eric)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-02] (Dell Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [266552 2018-11-15] (Apple Inc.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{9D84EDBD-2C82-4809-A6AD-CA2B80FF9AF8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{C69D3F31-BF57-4F73-976B-79F7F692F8C5}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\S-1-5-21-176189476-422782663-3432535527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-09] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2012-04-25] (Broadcom Corporation)
    R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31648 2012-04-25] (Broadcom Corporation)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [172528 2018-10-22] (Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2404336 2018-10-22] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [189424 2018-10-22] (Dell Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-10-31] (PC-Doctor, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
    R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
    R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [40296 2012-04-25] (Broadcom Corporation)
    R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [30912 2018-05-08] (Dell Inc.)
    R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [30520 2018-05-08] (Dell Computer Corporation)
    S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [56552 2018-10-28] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-12-20] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
    S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1321568 2012-08-17] (Ralink Technology Corp.)
    R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [18992 2015-01-09] (ST Microelectronics)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [87728 2015-05-21] (STMicroelectronics)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-20 18:34 - 2018-12-20 18:34 - 000008913 _____ C:\Users\Eric\Desktop\FRST.txt
    2018-12-20 18:33 - 2018-12-20 18:34 - 000000000 ____D C:\FRST
    2018-12-20 18:32 - 2018-12-20 18:32 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-12-20 18:31 - 2018-12-20 18:31 - 000000207 _____ C:\Windows\tweaking.com-regbackup-ERIC-PC-Windows-7-Professional-(32-bit).dat
    2018-12-20 18:31 - 2018-12-20 18:31 - 000000000 ____D C:\RegBackup
    2018-12-20 18:30 - 2018-12-20 18:30 - 000017367 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2018-12-20 18:30 - 2018-12-20 18:30 - 000002201 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2018-12-20 18:30 - 2018-12-20 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-12-20 18:30 - 2018-12-20 18:30 - 000000000 ____D C:\Program Files\Tweaking.com
    2018-12-20 18:29 - 2018-12-20 18:29 - 005198336 _____ (AVAST Software) C:\Users\Eric\Desktop\aswMBR.exe
    2018-12-20 18:28 - 2018-12-20 18:28 - 005766144 _____ (Tweaking.com) C:\Users\Eric\Desktop\tweaking.com_registry_backup_setup.exe
    2018-12-20 18:28 - 2018-12-20 18:28 - 001778176 _____ (Farbar) C:\Users\Eric\Desktop\FRST.exe
    2018-12-19 22:46 - 2012-04-25 22:05 - 000308624 _____ C:\Windows\system32\brcmbsp.dll
    2018-12-19 22:46 - 2012-04-25 22:05 - 000208264 _____ C:\Windows\system32\bipbsp.dll
    2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
    2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
    2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____D C:\ProgramData\Broadcom
    2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____D C:\Program Files\Broadcom Corporation
    2018-12-19 22:15 - 2018-12-19 22:51 - 000000000 ____D C:\Program Files\ST Microelectronics
    2018-12-19 22:15 - 2018-12-19 22:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ST_Accel_01009.Wdf
    2018-12-19 22:15 - 2018-12-19 22:15 - 000000000 ____D C:\Program Files\STMicroelectronics
    2018-12-19 22:15 - 2018-12-19 22:15 - 000000000 ____D C:\Program Files\DIFX
    2018-12-19 22:15 - 2015-05-21 15:04 - 000087728 _____ (STMicroelectronics) C:\Windows\system32\Drivers\ST_Accel.sys
    2018-12-19 22:15 - 2015-05-21 15:04 - 000069808 _____ (ST Microelectronics) C:\Windows\system32\stdcfltnco08.dll
    2018-12-19 22:15 - 2015-01-09 10:25 - 000018992 _____ (ST Microelectronics) C:\Windows\system32\Drivers\stdcfltn.sys
    2018-12-19 21:58 - 2018-12-14 17:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-12-19 21:58 - 2018-12-14 00:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-12-19 21:58 - 2018-12-14 00:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2018-12-19 21:58 - 2018-12-14 00:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2018-12-19 21:58 - 2018-12-14 00:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-12-19 21:58 - 2018-12-14 00:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-12-19 21:58 - 2018-12-14 00:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-12-19 21:58 - 2018-12-14 00:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2018-12-19 21:58 - 2018-12-14 00:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-12-19 21:58 - 2018-12-14 00:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-12-19 21:58 - 2018-12-14 00:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-12-19 21:58 - 2018-12-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-12-19 21:58 - 2018-12-14 00:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-12-19 21:58 - 2018-12-14 00:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-12-19 21:58 - 2018-12-14 00:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-12-19 21:58 - 2018-12-14 00:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2018-12-19 21:58 - 2018-12-14 00:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-12-19 21:58 - 2018-12-14 00:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2018-12-19 21:58 - 2018-12-14 00:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-12-19 21:58 - 2018-12-14 00:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-12-19 21:58 - 2018-12-14 00:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-12-19 21:58 - 2018-12-14 00:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-12-19 21:58 - 2018-12-14 00:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-12-19 21:58 - 2018-12-14 00:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-12-19 21:58 - 2018-12-14 00:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-12-19 21:58 - 2018-12-14 00:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-12-19 21:58 - 2018-12-14 00:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-12-19 21:58 - 2018-12-14 00:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-12-19 21:58 - 2018-12-14 00:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-12-19 21:58 - 2018-12-14 00:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-12-19 21:58 - 2018-12-14 00:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-12-19 21:58 - 2018-12-14 00:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-12-19 21:58 - 2018-12-14 00:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2018-12-19 21:58 - 2018-12-13 23:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-12-19 21:58 - 2018-12-13 23:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-12-19 21:58 - 2018-12-13 23:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-12-14 16:26 - 2018-12-14 16:26 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-12-14 16:26 - 2018-12-14 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-12-14 16:26 - 2018-12-14 16:26 - 000000000 ____D C:\Program Files\iPod
    2018-12-14 16:25 - 2018-12-14 16:26 - 000000000 ____D C:\Program Files\iTunes
    2018-12-12 00:25 - 2018-12-05 20:35 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-12-12 00:25 - 2018-11-28 15:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2018-12-12 00:25 - 2018-11-28 15:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2018-12-12 00:25 - 2018-11-28 15:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2018-12-12 00:25 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2018-12-12 00:25 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2018-12-12 00:25 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
    2018-12-12 00:25 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-12-12 00:25 - 2018-11-11 10:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2018-12-12 00:25 - 2018-11-11 10:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-12-12 00:25 - 2018-11-11 10:49 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
    2018-12-12 00:25 - 2018-11-11 10:49 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-12-12 00:25 - 2018-11-11 10:49 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
    2018-12-12 00:25 - 2018-11-11 10:49 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-12-12 00:25 - 2018-11-11 10:47 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-12-12 00:25 - 2018-11-11 10:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-12-12 00:25 - 2018-11-11 10:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-12-12 00:25 - 2018-11-11 10:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-12-12 00:25 - 2018-11-11 10:20 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-12-12 00:25 - 2018-11-11 10:20 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-12-12 00:25 - 2018-11-11 10:20 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-12-12 00:25 - 2018-11-11 10:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-12-12 00:25 - 2018-11-11 10:17 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-12-12 00:25 - 2018-11-11 10:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-12-12 00:25 - 2018-11-11 10:15 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-12-12 00:25 - 2018-11-11 10:14 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-12-12 00:25 - 2018-11-11 10:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-12-12 00:25 - 2018-11-11 10:14 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-12-12 00:25 - 2018-11-11 10:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-12-12 00:25 - 2018-11-11 10:14 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-12-12 00:25 - 2018-11-11 10:14 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-12-12 00:25 - 2018-11-11 10:13 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
    2018-12-12 00:25 - 2018-11-11 10:13 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
    2018-12-12 00:25 - 2018-11-11 10:13 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
    2018-12-12 00:25 - 2018-11-11 10:13 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
    2018-12-12 00:25 - 2018-11-11 10:13 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
    2018-12-12 00:25 - 2018-11-08 10:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2018-12-12 00:25 - 2018-11-08 10:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2018-12-12 00:25 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2018-12-12 00:25 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2018-12-12 00:25 - 2018-11-05 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-12-12 00:25 - 2018-10-06 09:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2018-12-12 00:25 - 2018-10-06 09:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2018-12-12 00:25 - 2018-10-06 09:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2018-12-12 00:25 - 2018-10-06 09:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2018-12-12 00:25 - 2018-10-06 09:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2018-12-12 00:25 - 2018-10-06 09:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2018-12-09 13:05 - 2018-12-09 13:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2018-12-09 13:05 - 2018-12-09 13:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2018-12-09 13:05 - 2018-12-09 13:15 - 000000000 ____D C:\Windows\system32\Macromed
    2018-12-09 13:05 - 2018-12-09 13:05 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Macromedia
    2018-12-09 13:04 - 2018-12-09 13:15 - 000000000 ____D C:\Users\Eric\AppData\Local\Adobe
    2018-12-05 05:40 - 2018-12-12 03:28 - 000269440 _____ C:\Windows\system32\FNTCACHE.DAT

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-20 17:55 - 2009-07-13 22:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-12-20 17:55 - 2009-07-13 22:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-12-20 17:46 - 2018-10-27 07:41 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2018-12-20 17:46 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-12-20 17:44 - 2018-10-28 14:23 - 000861668 _____ C:\Windows\ntbtlog.txt
    2018-12-20 04:07 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\rescache
    2018-12-19 22:46 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
    2018-12-19 22:15 - 2018-10-25 20:37 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
    2018-12-19 21:59 - 2009-07-13 20:37 - 000000000 ____D C:\PerfLogs
    2018-12-19 21:37 - 2018-10-27 07:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-12-12 03:34 - 2018-10-25 19:09 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-12-12 03:08 - 2018-10-25 18:29 - 000000000 ____D C:\Windows\system32\MRT
    2018-12-12 03:05 - 2018-10-25 18:29 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-12-10 16:04 - 2018-10-25 18:24 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2018-12-09 17:47 - 2009-07-13 20:04 - 000454774 ____R C:\Windows\system32\Drivers\etc\hosts.20181219-213350.backup
    2018-11-26 01:36 - 2018-10-26 17:20 - 000000000 _____ C:\Windows\system32\SpyWareFolderstoFilter.txt

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-12-14 00:16

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.12.2018
    Ran by Eric (20-12-2018 18:34:58)
    Running from C:\Users\Eric\Desktop
    Microsoft Windows 7 Professional Service Pack 1 (X86) (2018-10-25 23:35:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-176189476-422782663-3432535527-500 - Administrator - Disabled)
    Eric (S-1-5-21-176189476-422782663-3432535527-1000 - Administrator - Enabled) => C:\Users\Eric
    Guest (S-1-5-21-176189476-422782663-3432535527-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-176189476-422782663-3432535527-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Dell ControlVault Host Components Installer (HKLM\...\{718A9DB6-1B7D-4E40-AD74-E19FDAA8AFD5}) (Version: 2.2.509.141 - Broadcom Corporation)
    Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
    iTunes (HKLM\...\{E9B408B4-59AE-4757-9054-8DD4A5768E5D}) (Version: 12.9.2.6 - Apple Inc.)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0067 - ST Microelectronics)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-01] (Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {036B5D03-2569-4677-B4D2-B77EA1F60156} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {27996A72-3141-418F-9692-26E7DA846D94} - System32\Tasks\{6611DC6A-69C3-4005-A145-DB734DA6494A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe" -c launchui
    Task: {349E65C3-7AAD-42CF-B63C-F85ADF906B78} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-09] (Adobe Systems Incorporated)
    Task: {5338BC77-FEC1-4CAE-A26C-33B2E35D0BD9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
    Task: {80350217-0A1D-4DD0-9B48-FC722D839B12} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {B4178062-61C8-4562-A3F9-73C5B2E369F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {E8345A4C-00BD-4AF4-A49F-91E2DC146AC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {EAA6EA38-CD1E-41AB-B22D-42C8362A2593} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
    Task: {F858A576-13D3-4B70-9BF6-91BA8335FE00} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-11-01 05:28 - 2018-11-01 05:28 - 001042744 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-10-21 01:17 - 2018-10-21 01:17 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-01-10 20:12 - 2012-01-10 20:12 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
    2018-11-29 13:42 - 2018-11-29 13:42 - 001042744 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-11-29 13:42 - 2018-11-29 13:42 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-10-27 07:48 - 2018-10-28 13:13 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-10-31 10:36 - 2018-10-31 10:36 - 002014024 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

    There are 7943 more sites.


    There are 7943 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:04 - 2018-12-19 21:33 - 000454774 ____R C:\Windows\system32\Drivers\etc\hosts


    There are 15610 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-176189476-422782663-3432535527-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{C4248880-2FBE-4C65-BED6-5871FAB21BB6}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{CE77FDC7-76BF-42A4-AAE9-53AABBF7822A}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{5822ED7D-134C-4890-B9BB-68A7B9A7B099}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4FEAF54D-904A-4EFA-B5C7-F06E5A7DF2EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CF355582-AA6A-4476-A5A8-A33E212A11DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    11-12-2018 05:58:46 Windows Update
    12-12-2018 03:00:13 Windows Update
    15-12-2018 07:36:23 Windows Update
    18-12-2018 22:04:01 Windows Update
    19-12-2018 22:15:05 Installed ST Microelectronics 3 Axis Digital Accelerometer Solution.
    19-12-2018 22:45:01 Installed Dell ControlVault Host Components Installer.
    20-12-2018 03:00:25 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/20/2018 05:11:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.19230 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e94

    Start Time: 01d4988400a6df19

    Termination Time: 0

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (12/19/2018 10:43:22 PM) (Source: Dell System Detect) (EventID: 0) (User: )
    Description: <Exception><Message>FileDialog returned path: C:\Users\Eric\Desktop</Message><SysInfo STag="8PLCRM1" SMBIOSMajVer="2" SMBIOSMinVer="6" SMBIOSBIOSVer="A17" SMBIOSPresent="True" Rel_Date="20170512000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6410" Ident_Num="ERIC-PC" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><HostIP>10.0.0.169</HostIP></Exception>

    Error: (12/19/2018 10:43:13 PM) (Source: Dell System Detect) (EventID: 0) (User: )
    Description: <Exception><Message>FileDialog Started</Message><SysInfo STag="8PLCRM1" SMBIOSMajVer="2" SMBIOSMinVer="6" SMBIOSBIOSVer="A17" SMBIOSPresent="True" Rel_Date="20170512000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6410" Ident_Num="ERIC-PC" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><HostIP>10.0.0.169</HostIP></Exception>

    Error: (12/19/2018 08:53:55 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
    Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeLoadException: Could not find Windows Runtime type 'Windows.UI.Notifications.ToastNotificationManager'. ---> System.PlatformNotSupportedException: Operation is not supported on this platform.
    --- End of inner exception stack trace ---
    at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
    at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
    at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
    at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
    at Dell.Services.SupportAssist.Notification.NotificationManager.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
    at Dell.Services.SupportAssist.SupportAssistAgentCore.SupportAssistProcessor.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
    at Dell.Services.SupportAssist.Bootstrapper.BootStrapper.SessionChangeAction(SessionChangeDescription changeDescription)
    --- End of inner exception stack trace ---
    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
    at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
    at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
    at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

    Error: (12/19/2018 08:27:36 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
    Description: Failed to load protocol handler File. Error description: (HRESULT : 0x80041501).

    Error: (12/19/2018 08:26:54 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

    Error: (12/19/2018 01:28:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.7.64.98, time stamp: 0x5ad9aa54
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24291, time stamp: 0x5be78231
    Exception code: 0x0eedfade
    Fault offset: 0x0000845d
    Faulting process id: 0x38c
    Faulting application start time: 0x01d497d0f472e1fa
    Faulting application path: C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report Id: 3d6fafff-03c4-11e9-b92f-0026b9ded3d5

    Error: (12/15/2018 08:59:16 AM) (Source: ESENT) (EventID: 482) (User: )
    Description: taskhost (2796) WebCacheLocal: An attempt to write to the file "C:\Users\Eric\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 4521984 (0x0000000000450000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 8 (0x00000008): "Not enough storage is available to process this command. ". The write operation will fail with error -1011 (0xfffffc0d). If this error persists then the file may be damaged and may need to be restored from a previous backup.


    System errors:
    =============
    Error: (12/20/2018 06:33:03 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:33:00 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:32:58 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:32:55 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:32:53 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:32:50 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:32:48 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (12/20/2018 06:32:45 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
    Percentage of memory in use: 43%
    Total physical RAM: 3509.86 MB
    Available physical RAM: 1981.59 MB
    Total Virtual: 7018.09 MB
    Available Virtual: 4710.43 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.01 GB) (Free:109.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]


    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 8958630B)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2018-12-20 18:40:07
    -----------------------------
    18:40:07.426 OS Version: Windows 6.1.7601 Service Pack 1
    18:40:07.426 Number of processors: 4 586 0x2502
    18:40:07.426 ComputerName: ERIC-PC UserName: Eric
    18:40:40.373 Initialize success
    18:40:40.451 VM: initialized successfully
    18:40:40.467 VM: Intel CPU supported
    18:40:46.843 VM: disk I/O atapi.sys
    18:43:20.856 AVAST engine defs: 17030301
    18:43:32.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:43:32.979 Disk 0 Vendor: ST9160314AS D005DEM1 Size: 152627MB BusType: 3
    18:43:33.151 Disk 0 MBR read successfully
    18:43:33.167 Disk 0 MBR scan
    18:43:33.229 Disk 0 Windows 7 default MBR code
    18:43:33.229 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    18:43:33.354 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 80325
    18:43:33.354 Disk 0 default boot code
    18:43:33.401 Disk 0 scanning sectors +312576705
    18:43:33.775 Disk 0 scanning C:\Windows\system32\drivers
    18:43:58.298 Service scanning
    18:44:41.354 Modules scanning
    18:44:41.354 Disk 0 trace - called modules:
    18:44:41.385 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
    18:44:41.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865e0440]
    18:44:41.401 3 CLASSPNP.SYS[8c00459e] -> nt!IofCallDriver -> [0x865e0a28]
    18:44:41.417 5 stdcfltn.sys[8c5f18a4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856ec908]
    18:44:42.181 AVAST engine scan C:\Windows
    18:44:44.911 AVAST engine scan C:\Windows\system32
    18:45:15.752 File: C:\Windows\system32\csrsrv.dll **INFECTED** Win32:Aluroot-B [Rtk]
    18:51:07.308 AVAST engine scan C:\Windows\system32\drivers
    18:51:30.474 AVAST engine scan C:\Users\Eric
    18:53:02.065 AVAST engine scan C:\ProgramData
    18:55:21.123 Disk 0 statistics 2366704/0/0 @ 3.74 MB/s
    18:55:21.139 Scan finished successfully
    18:55:36.240 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
    18:55:36.287 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    Default

    Mostly what I think I saw, might be a false positive.


    ~~~~~~~~~~~~~~~~~~
    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~~~~~~~~~~~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    created by Aura

    Please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Nov 2007
    Posts
    56

    Default

    Thanks for the reply Juliet! Here are the results of both scans:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.6.0
    # -------------------------------
    # Build: 12-18-2018
    # Database: 2018-12-21.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-21-2018
    # Duration: 00:00:01
    # OS: Windows 7 Professional
    # Cleaned: 1
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driversupport.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1335 octets] - [21/12/2018 16:11:59]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    RogueKiller Anti-Malware V13.0.17.0 [Dec 17 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits
    Started in : Normal mode
    User : Eric [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Standard Scan, Delete -- Date : 2018/12/21 16:37:17 (Duration : 00:17:04)

    ¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤
    [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-176189476-422782663-3432535527-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1)
    [PUP.Gen0|PUP.Gen1 (Potentially Malicious)] Uninstall BitGuard.lnk -- %SystemDrive%\$Recycle.Bin\S-1-5-21-176189476-422782663-3432535527-1000\$R921XZV\Quarantine\rQF69AzBla\Uninstall BitGuard.lnk (lnk => C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe []) -> Deleted

  4. #4
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    Default

    Let's check for remnants


    Open Malwarebytes Anti-Malware

    click the Settings tab, then at the top choose Protection and tick Scan for rootkits.
    Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Nov 2007
    Posts
    56

    Default

    Sorry that took a while. First time I ran EEK, got a BSOD. Never had that before. Second time worked though. Here are the results:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/21/18
    Scan Time: 5:25 PM
    Log File: c15cb574-0577-11e9-b5c7-0026b9ded3d5.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.482
    Update Package Version: 1.0.8433
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Eric-PC\Eric

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 161330
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 7 min, 4 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
    OS: Windows 7 Service Pack 1 (Version 6.1, Build 7601, 32-bit Edition)

    Forensics log

    Date Component Action Details
    12/21/2018 6:13:41 PM Scanner Scan finished Scanned 70075 objects and found nothing.
    12/21/2018 6:07:28 PM User ERIC-PC\Eric Scan started Malware Scan
    12/21/2018 5:57:25 PM Scanner Scanning Is in progress.
    12/21/2018 5:56:32 PM User ERIC-PC\Eric Setting modified "Detect PUPs" has been changed to "Enabled".
    12/21/2018 5:56:32 PM User ERIC-PC\Eric Scan started Malware Scan
    12/21/2018 5:55:49 PM User Update Downloaded and installed 74 files (25327 kb) (1 min. 13 sec.).
    12/21/2018 5:54:36 PM Core Notification "Recommended Reading:5 Privacy tools to keep your data safe and secure during the holidays".
    12/21/2018 5:54:31 PM User Update Failed with error "Server returned error" (0 sec.).
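
    A triage aid added here by the editor, not part of the thread and not Malwarebytes or Emsisoft code: it parses the two logs posted above (the excerpts embedded in the script are copied from them) and lists anything that would weaken a "clean" verdict, such as a scan that did not complete, rootkit or PUP/PUM checks switched off, a detection, or an EEK scan that ran before a successful definition update or with PUP detection still off. The numeric "found N" wording for a non-clean EEK scan is an assumption; the log above only shows "found nothing".

```python
import re

# Excerpts copied from the two logs posted above (Malwarebytes 3.6 text export,
# Emsisoft Emergency Kit forensics log); they are the sample input here.
MBAM_LOG = """\
-Scan Summary-
Result: Completed
Objects Scanned: 161330
Threats Detected: 0
Threats Quarantined: 0

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Rootkits: Enabled
PUP: Detect
PUM: Detect
"""

EEK_LOG = """\
12/21/2018 6:13:41 PM Scanner Scan finished Scanned 70075 objects and found nothing.
12/21/2018 6:07:28 PM User ERIC-PC\\Eric Scan started Malware Scan
12/21/2018 5:56:32 PM User ERIC-PC\\Eric Setting modified "Detect PUPs" has been changed to "Enabled".
12/21/2018 5:55:49 PM User Update Downloaded and installed 74 files (25327 kb) (1 min. 13 sec.).
12/21/2018 5:54:31 PM User Update Failed with error "Server returned error" (0 sec.).
"""


def parse_mbam(text):
    """Split an MBAM 3.x text log into {section: {key: value}}.
    Headers look like '-Scan Summary-'; only the first colon splits a
    'Key: Value' line, so 'Scan Time: 5:25 PM' keeps its whole value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            current = header.group(1)
            sections[current] = {}
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            sections[current][key.strip()] = value.strip()
    return sections


def check_mbam(sections):
    """Reasons not to trust an MBAM 'clean' verdict; an empty list means none."""
    findings = []
    summary = sections.get("Scan Summary", {})
    options = sections.get("Scan Options", {})
    if summary.get("Result") != "Completed":
        findings.append("scan did not complete: %s" % summary.get("Result"))
    if summary.get("Threats Detected", "0") != "0":
        findings.append("threats detected: %s" % summary["Threats Detected"])
    # With any of these off, a Threat Scan can miss what a redirect infection leaves behind.
    for opt in ("Memory", "Startup", "Filesystem", "Rootkits"):
        if options.get(opt) != "Enabled":
            findings.append("%s scanning not enabled" % opt)
    for opt in ("PUP", "PUM"):
        if options.get(opt) != "Detect":
            findings.append("%s handling is %r, not Detect" % (opt, options.get(opt)))
    return findings


# One forensics-log line: US-style timestamp, then the flattened Component /
# Action / Details columns (the tab separators did not survive the forum paste).
EEK_LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.+)$")


def parse_eek(text):
    """Return [(timestamp, message), ...] oldest first (EEK lists newest first)."""
    events = []
    for raw in text.splitlines():
        m = EEK_LINE.match(raw.strip())
        if m:
            events.append((m.group(1), m.group(2)))
    events.reverse()
    return events


def check_eek(events):
    """Walk the EEK timeline; return reasons the finished scan is less than conclusive."""
    findings, updated, pups_on, finished = [], False, False, None
    for ts, msg in events:
        if "Update Downloaded and installed" in msg:
            updated = True
        elif '"Detect PUPs" has been changed to "Enabled"' in msg:
            pups_on = True
        elif "Scan finished" in msg:
            # 'found nothing' is the wording in the log above; the numeric
            # 'found N' form for a non-clean scan is an assumption.
            m = re.search(r"Scanned (\d+) objects and found (nothing|\d+)", msg)
            hits = 0 if m is None or m.group(2) == "nothing" else int(m.group(2))
            finished = (ts, hits)
    if finished is None:
        return ["no finished scan in log"]
    if not updated:
        findings.append("scan ran without a successful definition update")
    if not pups_on:
        findings.append("PUP detection was not switched on before the scan")
    if finished[1]:
        findings.append("scan at %s found %d objects" % finished)
    return findings
```

    Run against the logs posted above, both checkers return an empty list: the scans completed with every relevant option on, EEK's first update attempt failed but the retry succeeded before the scan started, and PUP detection was enabled before the scan that finished. Two clean scans still say nothing about where the redirects come from; they only confirm that these two engines found nothing on disk.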

  6. #6
    Member
    Join Date
    Nov 2007
    Posts
    56

    Default

    Forgot to mention: MBAM has not detected anything in the last few scans I have done, even before getting on here for assistance.
