Browser redirects
A little background. This was my son's computer and he was having troubles with it for a while. He has since joined the Navy, so I naturally took his laptop and tried to clean it as best I could. I was forever getting different redirects in IE, most of them to fake Adobe Flash Player update sites. After getting sick of seeing this about every 5 minutes, I completely wiped it out and re-installed Windows 7. Even after a fresh install, I'm still getting browser redirects, some to the fake Adobe site and others suggesting that my computer is infected. Here are my scans; looks like I may have an issue:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
Ran by Eric (administrator) on ERIC-PC (20-12-2018 18:34:10)
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-02-02] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [266552 2018-11-15] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9D84EDBD-2C82-4809-A6AD-CA2B80FF9AF8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C69D3F31-BF57-4F73-976B-79F7F692F8C5}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-176189476-422782663-3432535527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2012-04-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31648 2012-04-25] (Broadcom Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [172528 2018-10-22] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2404336 2018-10-22] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [189424 2018-10-22] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-10-31] (PC-Doctor, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [40296 2012-04-25] (Broadcom Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [30912 2018-05-08] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [30520 2018-05-08] (Dell Computer Corporation)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [56552 2018-10-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-12-20] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1321568 2012-08-17] (Ralink Technology Corp.)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [18992 2015-01-09] (ST Microelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [87728 2015-05-21] (STMicroelectronics)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-20 18:34 - 2018-12-20 18:34 - 000008913 _____ C:\Users\Eric\Desktop\FRST.txt
2018-12-20 18:33 - 2018-12-20 18:34 - 000000000 ____D C:\FRST
2018-12-20 18:32 - 2018-12-20 18:32 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-20 18:31 - 2018-12-20 18:31 - 000000207 _____ C:\Windows\tweaking.com-regbackup-ERIC-PC-Windows-7-Professional-(32-bit).dat
2018-12-20 18:31 - 2018-12-20 18:31 - 000000000 ____D C:\RegBackup
2018-12-20 18:30 - 2018-12-20 18:30 - 000017367 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-12-20 18:30 - 2018-12-20 18:30 - 000002201 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-12-20 18:30 - 2018-12-20 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-12-20 18:30 - 2018-12-20 18:30 - 000000000 ____D C:\Program Files\Tweaking.com
2018-12-20 18:29 - 2018-12-20 18:29 - 005198336 _____ (AVAST Software) C:\Users\Eric\Desktop\aswMBR.exe
2018-12-20 18:28 - 2018-12-20 18:28 - 005766144 _____ (Tweaking.com) C:\Users\Eric\Desktop\tweaking.com_registry_backup_setup.exe
2018-12-20 18:28 - 2018-12-20 18:28 - 001778176 _____ (Farbar) C:\Users\Eric\Desktop\FRST.exe
2018-12-19 22:46 - 2012-04-25 22:05 - 000308624 _____ C:\Windows\system32\brcmbsp.dll
2018-12-19 22:46 - 2012-04-25 22:05 - 000208264 _____ C:\Windows\system32\bipbsp.dll
2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____D C:\ProgramData\Broadcom
2018-12-19 22:45 - 2018-12-19 22:45 - 000000000 ____D C:\Program Files\Broadcom Corporation
2018-12-19 22:15 - 2018-12-19 22:51 - 000000000 ____D C:\Program Files\ST Microelectronics
2018-12-19 22:15 - 2018-12-19 22:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ST_Accel_01009.Wdf
2018-12-19 22:15 - 2018-12-19 22:15 - 000000000 ____D C:\Program Files\STMicroelectronics
2018-12-19 22:15 - 2018-12-19 22:15 - 000000000 ____D C:\Program Files\DIFX
2018-12-19 22:15 - 2015-05-21 15:04 - 000087728 _____ (STMicroelectronics) C:\Windows\system32\Drivers\ST_Accel.sys
2018-12-19 22:15 - 2015-05-21 15:04 - 000069808 _____ (ST Microelectronics) C:\Windows\system32\stdcfltnco08.dll
2018-12-19 22:15 - 2015-01-09 10:25 - 000018992 _____ (ST Microelectronics) C:\Windows\system32\Drivers\stdcfltn.sys
2018-12-19 21:58 - 2018-12-14 17:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-19 21:58 - 2018-12-14 00:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-19 21:58 - 2018-12-14 00:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-19 21:58 - 2018-12-14 00:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-19 21:58 - 2018-12-14 00:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-19 21:58 - 2018-12-14 00:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-19 21:58 - 2018-12-14 00:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-19 21:58 - 2018-12-14 00:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-19 21:58 - 2018-12-14 00:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-19 21:58 - 2018-12-14 00:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-19 21:58 - 2018-12-14 00:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-19 21:58 - 2018-12-14 00:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-19 21:58 - 2018-12-14 00:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-19 21:58 - 2018-12-14 00:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-19 21:58 - 2018-12-14 00:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-19 21:58 - 2018-12-14 00:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-19 21:58 - 2018-12-14 00:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-19 21:58 - 2018-12-14 00:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-19 21:58 - 2018-12-14 00:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-19 21:58 - 2018-12-14 00:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-19 21:58 - 2018-12-14 00:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-19 21:58 - 2018-12-14 00:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-19 21:58 - 2018-12-14 00:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-19 21:58 - 2018-12-14 00:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-19 21:58 - 2018-12-14 00:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-19 21:58 - 2018-12-14 00:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-19 21:58 - 2018-12-14 00:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-19 21:58 - 2018-12-14 00:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-19 21:58 - 2018-12-14 00:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-19 21:58 - 2018-12-14 00:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-19 21:58 - 2018-12-14 00:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-19 21:58 - 2018-12-14 00:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-19 21:58 - 2018-12-14 00:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-19 21:58 - 2018-12-13 23:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-19 21:58 - 2018-12-13 23:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-19 21:58 - 2018-12-13 23:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-14 16:26 - 2018-12-14 16:26 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-12-14 16:26 - 2018-12-14 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-12-14 16:26 - 2018-12-14 16:26 - 000000000 ____D C:\Program Files\iPod
2018-12-14 16:25 - 2018-12-14 16:26 - 000000000 ____D C:\Program Files\iTunes
2018-12-12 00:25 - 2018-12-05 20:35 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-12 00:25 - 2018-11-28 15:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-12 00:25 - 2018-11-28 15:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 00:25 - 2018-11-28 15:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-12 00:25 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-12 00:25 - 2018-11-28 15:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-12 00:25 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-12-12 00:25 - 2018-11-11 10:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-12 00:25 - 2018-11-11 10:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-12-12 00:25 - 2018-11-11 10:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 00:25 - 2018-11-11 10:49 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 00:25 - 2018-11-11 10:49 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-12 00:25 - 2018-11-11 10:49 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-12-12 00:25 - 2018-11-11 10:49 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-12 00:25 - 2018-11-11 10:47 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-12 00:25 - 2018-11-11 10:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-12 00:25 - 2018-11-11 10:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-12 00:25 - 2018-11-11 10:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-12 00:25 - 2018-11-11 10:20 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-12 00:25 - 2018-11-11 10:20 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-12 00:25 - 2018-11-11 10:20 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-12 00:25 - 2018-11-11 10:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-12 00:25 - 2018-11-11 10:17 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-12 00:25 - 2018-11-11 10:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-12 00:25 - 2018-11-11 10:15 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-12 00:25 - 2018-11-11 10:14 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-12 00:25 - 2018-11-11 10:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-12 00:25 - 2018-11-11 10:14 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-12 00:25 - 2018-11-11 10:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-12 00:25 - 2018-11-11 10:14 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-12 00:25 - 2018-11-11 10:14 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-12 00:25 - 2018-11-11 10:13 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-12 00:25 - 2018-11-11 10:13 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-12 00:25 - 2018-11-11 10:13 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-12-12 00:25 - 2018-11-11 10:13 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-12 00:25 - 2018-11-11 10:13 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-12 00:25 - 2018-11-08 10:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 00:25 - 2018-11-08 10:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 00:25 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-12 00:25 - 2018-11-08 10:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-12 00:25 - 2018-11-05 22:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-12 00:25 - 2018-10-06 09:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-12 00:25 - 2018-10-06 09:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 00:25 - 2018-10-06 09:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-12 00:25 - 2018-10-06 09:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-12 00:25 - 2018-10-06 09:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-12 00:25 - 2018-10-06 09:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-09 13:05 - 2018-12-09 13:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-09 13:05 - 2018-12-09 13:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-09 13:05 - 2018-12-09 13:15 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-09 13:05 - 2018-12-09 13:05 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Macromedia
2018-12-09 13:04 - 2018-12-09 13:15 - 000000000 ____D C:\Users\Eric\AppData\Local\Adobe
2018-12-05 05:40 - 2018-12-12 03:28 - 000269440 _____ C:\Windows\system32\FNTCACHE.DAT
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-20 17:55 - 2009-07-13 22:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-20 17:55 - 2009-07-13 22:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-20 17:46 - 2018-10-27 07:41 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2018-12-20 17:46 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-20 17:44 - 2018-10-28 14:23 - 000861668 _____ C:\Windows\ntbtlog.txt
2018-12-20 04:07 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\rescache
2018-12-19 22:46 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-12-19 22:15 - 2018-10-25 20:37 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-12-19 21:59 - 2009-07-13 20:37 - 000000000 ____D C:\PerfLogs
2018-12-19 21:37 - 2018-10-27 07:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-12-12 03:34 - 2018-10-25 19:09 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-12 03:08 - 2018-10-25 18:29 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 03:05 - 2018-10-25 18:29 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-10 16:04 - 2018-10-25 18:24 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-09 17:47 - 2009-07-13 20:04 - 000454774 ____R C:\Windows\system32\Drivers\etc\hosts.20181219-213350.backup
2018-11-26 01:36 - 2018-10-26 17:20 - 000000000 _____ C:\Windows\system32\SpyWareFolderstoFilter.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-14 00:16
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.12.2018
Ran by Eric (20-12-2018 18:34:58)
Running from C:\Users\Eric\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2018-10-25 23:35:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-176189476-422782663-3432535527-500 - Administrator - Disabled)
Eric (S-1-5-21-176189476-422782663-3432535527-1000 - Administrator - Enabled) => C:\Users\Eric
Guest (S-1-5-21-176189476-422782663-3432535527-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176189476-422782663-3432535527-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell ControlVault Host Components Installer (HKLM\...\{718A9DB6-1B7D-4E40-AD74-E19FDAA8AFD5}) (Version: 2.2.509.141 - Broadcom Corporation)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
iTunes (HKLM\...\{E9B408B4-59AE-4757-9054-8DD4A5768E5D}) (Version: 12.9.2.6 - Apple Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0067 - ST Microelectronics)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-01] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {036B5D03-2569-4677-B4D2-B77EA1F60156} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {27996A72-3141-418F-9692-26E7DA846D94} - System32\Tasks\{6611DC6A-69C3-4005-A145-DB734DA6494A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe" -c launchui
Task: {349E65C3-7AAD-42CF-B63C-F85ADF906B78} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-09] (Adobe Systems Incorporated)
Task: {5338BC77-FEC1-4CAE-A26C-33B2E35D0BD9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {80350217-0A1D-4DD0-9B48-FC722D839B12} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {B4178062-61C8-4562-A3F9-73C5B2E369F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {E8345A4C-00BD-4AF4-A49F-91E2DC146AC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {EAA6EA38-CD1E-41AB-B22D-42C8362A2593} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {F858A576-13D3-4B70-9BF6-91BA8335FE00} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-11-01 05:28 - 2018-11-01 05:28 - 001042744 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-10-21 01:17 - 2018-10-21 01:17 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2018-11-29 13:42 - 2018-11-29 13:42 - 001042744 _____ () C:\Program Files\iTunes\libxml2.dll
2018-11-29 13:42 - 2018-11-29 13:42 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2018-10-27 07:48 - 2018-10-28 13:13 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-31 10:36 - 2018-10-31 10:36 - 002014024 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
There are 7943 more sites.
There are 7943 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:04 - 2018-12-19 21:33 - 000454774 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15610 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-176189476-422782663-3432535527-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C4248880-2FBE-4C65-BED6-5871FAB21BB6}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CE77FDC7-76BF-42A4-AAE9-53AABBF7822A}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5822ED7D-134C-4890-B9BB-68A7B9A7B099}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FEAF54D-904A-4EFA-B5C7-F06E5A7DF2EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF355582-AA6A-4476-A5A8-A33E212A11DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
11-12-2018 05:58:46 Windows Update
12-12-2018 03:00:13 Windows Update
15-12-2018 07:36:23 Windows Update
18-12-2018 22:04:01 Windows Update
19-12-2018 22:15:05 Installed ST Microelectronics 3 Axis Digital Accelerometer SolutF
19-12-2018 22:45:01 Installed Dell ControlVault Host Components Installer.
20-12-2018 03:00:25 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/20/2018 05:11:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.19230 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e94
Start Time: 01d4988400a6df19
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (12/19/2018 10:43:22 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Message>FileDialog returned path: C:\Users\Eric\Desktop</Message><SysInfo STag="8PLCRM1" SMBIOSMajVer="2" SMBIOSMinVer="6" SMBIOSBIOSVer="A17" SMBIOSPresent="True" Rel_Date="20170512000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6410" Ident_Num="ERIC-PC" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><HostIP>10.0.0.169</HostIP></Exception>
Error: (12/19/2018 10:43:13 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Message>FileDialog Started</Message><SysInfo STag="8PLCRM1" SMBIOSMajVer="2" SMBIOSMinVer="6" SMBIOSBIOSVer="A17" SMBIOSPresent="True" Rel_Date="20170512000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E6410" Ident_Num="ERIC-PC" TimeZone="(UTC-06:00) Central Time (US & Canada)" OSName="Microsoft Windows 7 Professional"/><HostIP>10.0.0.169</HostIP></Exception>
Error: (12/19/2018 08:53:55 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeLoadException: Could not find Windows Runtime type 'Windows.UI.Notifications.ToastNotificationManager'. ---> System.PlatformNotSupportedException: Operation is not supported on this platform.
--- End of inner exception stack trace ---
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.Notification.NotificationManager.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.SupportAssistAgentCore.SupportAssistProcessor.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.Bootstrapper.BootStrapper.SessionChangeAction(SessionChangeDescription changeDescription)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)
Error: (12/19/2018 08:27:36 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Failed to load protocol handler File. Error description: (HRESULT : 0x80041501).
Error: (12/19/2018 08:26:54 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)
Error: (12/19/2018 01:28:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.7.64.98, time stamp: 0x5ad9aa54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24291, time stamp: 0x5be78231
Exception code: 0x0eedfade
Fault offset: 0x0000845d
Faulting process id: 0x38c
Faulting application start time: 0x01d497d0f472e1fa
Faulting application path: C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 3d6fafff-03c4-11e9-b92f-0026b9ded3d5
Error: (12/15/2018 08:59:16 AM) (Source: ESENT) (EventID: 482) (User: )
Description: taskhost (2796) WebCacheLocal: An attempt to write to the file "C:\Users\Eric\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 4521984 (0x0000000000450000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 8 (0x00000008): "Not enough storage is available to process this command. ". The write operation will fail with error -1011 (0xfffffc0d). If this error persists then the file may be damaged and may need to be restored from a previous backup.
System errors:
=============
Error: (12/20/2018 06:33:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:33:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:32:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:32:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:32:53 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:32:50 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:32:48 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/20/2018 06:32:45 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 3509.86 MB
Available physical RAM: 1981.59 MB
Total Virtual: 7018.09 MB
Available Virtual: 4710.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.01 GB) (Free:109.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 8958630B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-12-20 18:40:07
-----------------------------
18:40:07.426 OS Version: Windows 6.1.7601 Service Pack 1
18:40:07.426 Number of processors: 4 586 0x2502
18:40:07.426 ComputerName: ERIC-PC UserName: Eric
18:40:40.373 Initialize success
18:40:40.451 VM: initialized successfully
18:40:40.467 VM: Intel CPU supported
18:40:46.843 VM: disk I/O atapi.sys
18:43:20.856 AVAST engine defs: 17030301
18:43:32.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:43:32.979 Disk 0 Vendor: ST9160314AS D005DEM1 Size: 152627MB BusType: 3
18:43:33.151 Disk 0 MBR read successfully
18:43:33.167 Disk 0 MBR scan
18:43:33.229 Disk 0 Windows 7 default MBR code
18:43:33.229 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:43:33.354 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 80325
18:43:33.354 Disk 0 default boot code
18:43:33.401 Disk 0 scanning sectors +312576705
18:43:33.775 Disk 0 scanning C:\Windows\system32\drivers
18:43:58.298 Service scanning
18:44:41.354 Modules scanning
18:44:41.354 Disk 0 trace - called modules:
18:44:41.385 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
18:44:41.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865e0440]
18:44:41.401 3 CLASSPNP.SYS[8c00459e] -> nt!IofCallDriver -> [0x865e0a28]
18:44:41.417 5 stdcfltn.sys[8c5f18a4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856ec908]
18:44:42.181 AVAST engine scan C:\Windows
18:44:44.911 AVAST engine scan C:\Windows\system32
18:45:15.752 File: C:\Windows\system32\csrsrv.dll **INFECTED** Win32:Aluroot-B [Rtk]
18:51:07.308 AVAST engine scan C:\Windows\system32\drivers
18:51:30.474 AVAST engine scan C:\Users\Eric
18:53:02.065 AVAST engine scan C:\ProgramData
18:55:21.123 Disk 0 statistics 2366704/0/0 @ 3.74 MB/s
18:55:21.139 Scan finished successfully
18:55:36.240 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
18:55:36.287 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"