Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads


IE closes and re-opens..screen goes black

03-11-2018, 01:40 PM   #1
Registered Member
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1

Hi there :)

I came here last year for a similar problem and Chemist helped me out. Basically, for the past while, and it's been steadily getting worse, IE randomly closes and then re-opens for no reason.

Everything seems to be up to date on here. I have tried a few times to download DDS from the given link, but it will not run as it says it can't run in compatibility mode.

Last year when I downloaded it to the desktop, it worked fine.

Sorry, I cannot post any logs until I can get DDS to run...
Lassie is offline  
03-11-2018, 06:17 PM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan.
  • Once the scan is done, select Clean.
  • Once done, it will ask to reboot; please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
03-12-2018, 11:41 AM   #3
Registered Member
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 12 18:23:03 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\convertersnow.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3b3ehuo35wzeh.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4256 B] - [2017/5/9 11:18:59]
C:/AdwCleaner/AdwCleaner[S0].txt - [3978 B] - [2017/5/9 11:14:4]
C:/AdwCleaner/AdwCleaner[S1].txt - [1975 B] - [2018/3/12 18:22:24]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by Moira (administrator) on MAR (12-03-2018 18:31:18)
Running from C:\Users\Moira\Desktop
Loaded Profiles: Moira (Available Profiles: Moira)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\windows\RTFTrack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-02-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Amazon Music] => C:\Users\Moira\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify Web Helper] => C:\Users\Moira\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-19] (Spotify Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [Spotify] => C:\Users\Moira\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-19] (Spotify Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [EPSON PX710W Series (Copy 1)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-11-03]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2017-04-28]
ShortcutTarget: LUMIX Simple Viewer.lnk -> C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A9DE8BD5-9B88-4508-AE95-560D23A7CE19}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {F0DDF1F8-0CAD-4A90-9F15-41D22234A4EA} hxxps://lloydslink.online.lloydsbank.com/thinlink/cabfiles/tcalnk32.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:
========
FF ProfilePath: C:\Users\Moira\AppData\Roaming\Mozilla\Firefox\Profiles\CHXLMILb.default [2017-09-28]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default [2018-03-12]
CHR Extension: (Google Slides) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-28]
CHR Extension: (Docs) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-28]
CHR Extension: (Google Drive) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-28]
CHR Extension: (YouTube) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]
CHR Extension: (Gmail) - C:\Users\Moira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-14] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1136744 2018-03-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-03-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-03-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1533608 2018-03-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [449240 2018-02-05] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [178840 2017-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169864 2018-02-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-09-14] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\windows\System32\Drivers\avusbflt.sys [38048 2017-09-14] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-12 18:31 - 2018-03-12 18:32 - 000016585 _____ C:\Users\Moira\Desktop\FRST.txt
2018-03-12 18:30 - 2018-03-12 18:30 - 002402816 _____ (Farbar) C:\Users\Moira\Desktop\FRST64.exe
2018-03-12 18:28 - 2018-03-12 18:29 - 001763328 _____ (Farbar) C:\Users\Moira\Desktop\FRST.exe
2018-03-12 18:19 - 2018-03-12 18:19 - 008222496 _____ (Malwarebytes) C:\Users\Moira\Desktop\AdwCleaner.exe
2018-03-11 20:37 - 2018-03-11 20:37 - 000688992 _____ (Swearware) C:\Users\Moira\Downloads\dds.scr
2018-03-05 20:21 - 2018-03-05 20:20 - 000080300 _____ C:\Users\Moira\Desktop\Gift Aid Form 1st Fraserburgh Scout Group.pdf
2018-03-04 17:32 - 2018-03-05 11:51 - 000338267 _____ C:\Users\Moira\Desktop\Buttery 2018 flowers no background.pdf
2018-03-04 15:56 - 2018-03-04 15:56 - 000393091 _____ C:\Users\Moira\Desktop\Buttery 2018a.pdf
2018-03-04 15:21 - 2018-03-04 15:37 - 000397415 _____ C:\Users\Moira\Desktop\Buttery 2018.pdf
2018-03-03 14:48 - 2018-03-03 15:03 - 000329957 _____ C:\Users\Moira\Desktop\Buttery morning poster 2018 for FB.pdf
2018-03-03 13:07 - 2018-03-03 14:31 - 000454553 _____ C:\Users\Moira\Desktop\Buttery morning poster 2018.pdf
2018-03-03 11:12 - 2018-03-03 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-03-03 11:10 - 2018-03-03 11:10 - 000001770 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-03-03 11:10 - 2018-03-03 11:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-03-03 11:10 - 2018-03-03 11:10 - 000000000 ____D C:\Program Files\iPod
2018-03-03 11:09 - 2018-03-03 11:10 - 000000000 ____D C:\Program Files\iTunes
2018-02-27 21:09 - 2018-02-27 21:09 - 000025241 _____ C:\Users\Moira\Downloads\Minutes-of-AGM-17-Sept-2017.odt
2018-02-26 22:20 - 2018-02-26 22:20 - 000025241 _____ C:\Users\Moira\Desktop\Minutes-of-AGM-17-Sept-2017.odt
2018-02-23 22:00 - 2018-02-23 22:00 - 000001143 _____ C:\Users\Public\Desktop\Avira.lnk
2018-02-14 21:10 - 2018-02-10 08:44 - 025740288 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-02-14 21:10 - 2018-02-10 07:19 - 002900480 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-02-14 21:10 - 2018-02-10 07:16 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-02-14 21:10 - 2018-02-10 07:16 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-02-14 21:10 - 2018-02-10 07:09 - 005782016 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-02-14 21:10 - 2018-02-10 07:06 - 000816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-02-14 21:10 - 2018-02-10 06:48 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-02-14 21:10 - 2018-02-10 06:46 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-02-14 21:10 - 2018-02-10 06:36 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-02-14 21:10 - 2018-02-10 06:36 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-02-14 21:10 - 2018-02-10 06:34 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-02-14 21:10 - 2018-02-10 06:32 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-02-14 21:10 - 2018-02-10 06:27 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-02-14 21:10 - 2018-02-10 06:20 - 020274176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-02-14 21:10 - 2018-02-10 06:14 - 001546240 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-02-14 21:10 - 2018-02-10 05:57 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-02-14 21:10 - 2018-02-10 05:56 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-02-14 21:10 - 2018-02-10 05:54 - 002294272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-02-14 21:10 - 2018-02-10 05:49 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-02-14 21:10 - 2018-02-10 05:35 - 004498944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-02-14 21:10 - 2018-02-10 05:35 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-02-14 21:10 - 2018-02-10 05:35 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-02-14 21:10 - 2018-02-10 05:33 - 013680640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-02-14 21:10 - 2018-02-10 05:29 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-02-14 21:10 - 2018-02-10 05:27 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-02-14 21:10 - 2018-02-10 05:27 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-02-14 21:10 - 2018-02-10 05:14 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-02-14 21:10 - 2018-02-10 05:10 - 001314304 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-02-14 21:10 - 2018-02-03 06:04 - 000686592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2018-02-14 21:10 - 2018-02-03 06:03 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2018-02-14 21:10 - 2018-02-02 23:53 - 007408984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-02-14 21:10 - 2018-01-21 11:54 - 000419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-02-14 21:10 - 2018-01-21 11:09 - 000145080 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-02-14 21:10 - 2018-01-21 06:13 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-02-14 21:10 - 2018-01-21 06:13 - 001569280 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000654336 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000604672 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000450048 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000378880 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-02-14 21:10 - 2018-01-21 06:13 - 000236544 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-02-14 21:10 - 2018-01-13 01:18 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-02-14 21:10 - 2018-01-12 21:42 - 000376664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2018-02-14 21:10 - 2018-01-12 18:31 - 004690944 _____ (Microsoft Corporation) C:\windows\system32\xpsrchvw.exe
2018-02-14 21:10 - 2018-01-12 17:35 - 003553280 _____ (Microsoft Corporation) C:\windows\SysWOW64\xpsrchvw.exe
2018-02-14 21:10 - 2018-01-11 18:19 - 000032384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2018-02-14 21:10 - 2018-01-11 17:56 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-02-14 21:10 - 2018-01-11 17:07 - 000748032 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-02-14 21:10 - 2018-01-09 06:21 - 004168704 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-02-14 21:10 - 2018-01-09 06:18 - 000401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-02-14 21:10 - 2017-12-15 12:23 - 000276312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2018-02-14 21:10 - 2017-12-05 16:52 - 000242176 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2018-02-14 21:10 - 2017-12-05 16:45 - 000194560 _____ (Microsoft Corporation) C:\windows\system32\SCardSvr.dll
2018-02-14 21:10 - 2017-12-05 16:42 - 000079360 _____ (Microsoft Corporation) C:\windows\system32\SCardDlg.dll
2018-02-14 21:10 - 2017-12-05 16:32 - 000169984 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2018-02-14 21:10 - 2017-12-05 16:10 - 000361472 _____ (Microsoft Corporation) C:\windows\system32\rdpclip.exe
2018-02-14 21:10 - 2017-12-05 16:02 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2018-02-14 21:10 - 2017-12-05 15:58 - 000132608 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2018-02-14 21:10 - 2017-12-05 15:24 - 000165376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdrom.sys
2018-02-14 21:10 - 2017-12-02 03:04 - 000082944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-02-14 21:10 - 2017-11-24 21:58 - 002608640 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2018-02-14 21:10 - 2017-11-24 21:46 - 002170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2018-02-14 21:09 - 2018-02-10 07:06 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-02-14 21:09 - 2018-02-10 06:47 - 000145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2018-02-14 21:09 - 2018-02-10 06:41 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-02-14 21:09 - 2018-02-10 06:02 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-02-14 21:09 - 2018-02-10 05:49 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-02-14 21:09 - 2018-02-10 05:35 - 000128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2018-02-14 21:09 - 2018-02-10 05:32 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-02-14 21:09 - 2018-02-10 05:08 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-02-14 21:09 - 2018-02-01 18:51 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-02-14 21:09 - 2017-12-05 16:56 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scfilter.sys
2018-02-14 21:09 - 2017-11-24 21:56 - 000285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2018-02-14 21:09 - 2017-11-24 21:44 - 000236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-12 18:31 - 2017-05-09 11:27 - 000000000 ____D C:\FRST
2018-03-12 18:29 - 2017-05-09 11:11 - 000000000 ____D C:\AdwCleaner
2018-03-12 18:28 - 2014-06-28 17:18 - 000003762 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E25012D7-3390-47E0-B0A1-D80A2DD8C2A5}
2018-03-12 18:27 - 2014-06-28 16:49 - 000000000 ___DO C:\Users\Moira\SkyDrive
2018-03-12 18:24 - 2013-08-22 14:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-12 18:23 - 2014-03-05 17:32 - 000033280 _____ C:\windows\system32\VfService.trf
2018-03-12 18:23 - 2013-08-22 13:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-03-12 18:12 - 2014-06-29 19:46 - 000000000 ____D C:\Users\Moira\Documents\Outlook Files
2018-03-11 19:06 - 2016-03-21 17:48 - 000000000 ____D C:\Users\Moira\AppData\Local\92202143-C807-4E07-B38A-BC6C26A6A17B.aplzod
2018-03-11 18:39 - 2014-08-24 21:44 - 000000000 ____D C:\Users\Moira\AppData\Local\CrashDumps
2018-03-11 18:03 - 2015-11-13 18:03 - 000000260 _____ C:\windows\Tasks\Epson Printer Software Downloader.job
2018-03-08 15:54 - 2013-08-22 13:36 - 000000000 ____D C:\windows\Inf
2018-03-05 20:21 - 2017-07-15 15:33 - 000000000 ____D C:\Users\Moira\AppData\Local\CutePDF Writer
2018-03-04 14:46 - 2015-08-23 20:18 - 003247616 ___SH C:\Users\Moira\Desktop\Thumbs.db
2018-03-03 15:07 - 2014-06-28 16:50 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1456974907-2201685202-3690727835-1002
2018-03-03 13:13 - 2016-03-21 17:48 - 000000000 ___RD C:\Users\Moira\iCloudDrive
2018-03-01 19:33 - 2017-09-28 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-02-26 22:06 - 2014-12-23 22:30 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 20:20 - 2015-05-02 19:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-25 16:45 - 2013-08-22 15:36 - 000000000 ____D C:\windows\AppReadiness
2018-02-23 22:00 - 2014-03-05 16:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-18 21:34 - 2013-08-22 14:44 - 000507968 _____ C:\windows\system32\FNTCACHE.DAT
2018-02-18 21:21 - 2016-01-07 17:02 - 000000000 ____D C:\windows\system32\appraiser
2018-02-15 21:05 - 2014-06-29 22:08 - 000000000 ____D C:\windows\system32\MRT
2018-02-15 21:05 - 2013-08-22 15:20 - 000000000 ____D C:\windows\CbsTemp
2018-02-15 21:01 - 2017-10-13 11:36 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-02-15 21:01 - 2014-06-29 22:08 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-02 19:15

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (40.5 KB, 4 views)
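The "Bamital & volsnap" block in the log above is FRST verifying that a fixed set of core Windows binaries still carry a valid Microsoft signature; a file that fails is a strong tampering indicator, which is why FRST offers no automatic fix for it. The following PowerShell is an added example, not code from the thread and not FRST's own code: it re-checks the same files with Windows' built-in Authenticode verification. The $coreFiles list and the default paths are assumptions taken from the log above. One caveat worth knowing: most of these binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell builds (before the cmdlet gained catalog support in 5.1) report such files as NotSigned, so on those builds NotSigned for a system file means "verify with a catalog-aware tool", not "tampered".

```powershell
# Added example, not from the thread and not FRST's own code. Re-verifies the
# Authenticode signatures of the core binaries FRST lists under "Bamital & volsnap".
# Run from an elevated PowerShell prompt; paths assume a default Windows install.

$coreFiles = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CoreFileSignature {
    # Hypothetical helper name (not an FRST or Windows command).
    param([string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null; Note = 'file not found' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # Most Windows binaries are catalog-signed. Older PowerShell does not consult
        # the catalogs and reports them as NotSigned; treat that as "check elsewhere",
        # not as tampering. Any other non-Valid status deserves attention.
        $note = switch ($sig.Status) {
            'Valid'     { if ($signer -like '*Microsoft*') { 'ok' } else { 'valid, but signer is not Microsoft' } }
            'NotSigned' { 'no embedded signature; may be catalog-signed (needs a catalog-aware check)' }
            default     { 'signature problem: ' + $sig.StatusMessage }
        }
        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $signer; Note = $note }
    }
}

Test-CoreFileSignature -Path $coreFiles | Format-Table -AutoSize -Wrap
```

A row whose Status is anything other than Valid or NotSigned (for example HashMismatch) is the case FRST would report as failing verification and is the one to investigate first.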
Old 03-13-2018, 03:14 AM   #4
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello Lassie. Not seeing anything malicious here. You will need to seek help in one of our other forums once we are done here.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...backup-restore

------------------------------------------------------

Also, if you haven't done so already, you might want to create a USB recovery drive. It's really easy and quick.

https://windows.microsoft.com/en-us/w...recovery-drive

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {79E6C5DA-3549-4F2C-A653-F61B4EE8B0F5} - System32\Tasks\McAfee\McAfee Idle Detection Task
    AlternateDataStreams: C:\windows:nlsPreferences [386]
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
    BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
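The fixlist above removes, among other things, two Browser Helper Object registrations and a MIME protocol filter whose CLSID no longer resolves to any DLL (FRST prints these as "No File"), plus three search scopes with an empty URL. Entries like these are usually harmless leftovers of an uninstalled product (here, McAfee), but the same registry locations are also where browser hijackers register themselves, so they are worth auditing. The PowerShell below is an added example, not FRST's code and not from the thread: it walks the same keys FRST reported on, resolves each CLSID to its InprocServer32 file and reports whether that file exists. The function names are my own; the script is read-only and removes nothing.

```powershell
# Added example, not from the thread and not FRST's own code. Audits the IE
# extension points the fixlist above touched: BHOs, MIME protocol filters and
# search scopes. Read-only: it reports and removes nothing.

function Resolve-ClsidFile {
    # Hypothetical helper: returns the expanded InprocServer32 path for a CLSID,
    # or $null if the class is not registered in the requested registry view.
    param([string]$Clsid, [switch]$Wow64)
    $base = if ($Wow64) { 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $key  = "$base\$Clsid\InprocServer32"
    if (-not $Clsid -or -not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-Item -LiteralPath $key).GetValue('')      # the (Default) value
    if (-not $raw) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function New-Finding($Type, $Id, $File) {
    # Hypothetical helper: same "No File" wording FRST uses for orphaned entries.
    $state = if ($File -and (Test-Path -LiteralPath $File)) { 'OK' } else { 'No File' }
    [pscustomobject]@{ Type = $Type; Id = $Id; File = $File; State = $state }
}

function Get-IeExtensionAudit {
    # Browser Helper Objects, 64-bit and 32-bit registry views.
    $bhoKeys = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Wow64 = $false; Label = 'BHO' },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Wow64 = $true; Label = 'BHO-x32' }
    )
    foreach ($v in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $v.Key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $v.Key) {
            New-Finding $v.Label $sub.PSChildName (Resolve-ClsidFile -Clsid $sub.PSChildName -Wow64:$v.Wow64)
        }
    }

    # MIME protocol filters: each subkey is a content type, its CLSID value the handler.
    # GetValue() is used instead of a path because key names contain "/".
    $filterKey = 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Filter'
    if (Test-Path -LiteralPath $filterKey) {
        foreach ($sub in Get-ChildItem -LiteralPath $filterKey) {
            $clsid = $sub.GetValue('CLSID')
            New-Finding 'Filter' "$($sub.PSChildName) $clsid" (Resolve-ClsidFile -Clsid $clsid)
        }
    }

    # Search scopes: a scope with an empty URL is exactly what the fixlist removed.
    $scopeKeys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
                   'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes')
    foreach ($k in $scopeKeys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $k) {
            $url   = $sub.GetValue('URL')
            $state = if ([string]::IsNullOrWhiteSpace($url)) { 'Empty URL' } else { 'OK' }
            [pscustomobject]@{ Type = 'SearchScope'; Id = $sub.PSChildName; File = $url; State = $state }
        }
    }
}

Get-IeExtensionAudit | Sort-Object State, Type | Format-Table -AutoSize -Wrap
```

Read the OK rows as carefully as the "No File" ones: an orphan is clutter, but a BHO or filter that does resolve to an unexpected DLL in a user-writable folder is the case that actually matters.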
Old 03-14-2018, 01:07 PM   #5
Lassie
Registered Member
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1

Here is the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Moira (14-03-2018 16:47:08) Run:3
Running from C:\Users\Moira\Desktop
Loaded Profiles: Moira (Available Profiles: Moira)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {79E6C5DA-3549-4F2C-A653-F61B4EE8B0F5} - System32\Tasks\McAfee\McAfee Idle Detection Task
AlternateDataStreams: C:\windows:nlsPreferences [386]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1456974907-2201685202-3690727835-1002 -> {436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} URL =
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79E6C5DA-3549-4F2C-A653-F61B4EE8B0F5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79E6C5DA-3549-4F2C-A653-F61B4EE8B0F5}" => removed successfully
C:\windows\System32\Tasks\McAfee\McAfee Idle Detection Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task" => not found
C:\windows => ":nlsPreferences" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-1456974907-2201685202-3690727835-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{436A5558-1E8E-4E2C-BA31-B4D8FE8646C9}" => removed successfully
HKLM\Software\Classes\CLSID\{436A5558-1E8E-4E2C-BA31-B4D8FE8646C9} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
"HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt" => removed successfully
HKLM\Software\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32928842 B
Java, Flash, Steam htmlcache => 14448 B
Windows/system/drivers => 5103642 B
Edge => 0 B
Chrome => 152263 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 6339 B
systemprofile32 => 128 B
LocalService => 2724976 B
NetworkService => 0 B
Moira => 1678328435 B

RecycleBin => 41406423 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================
Old 03-15-2018, 07:08 PM   #6
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Lassie. Any improvement in behavior?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

ESET report
report on system behavior
Old 03-17-2018, 05:38 AM   #7
Lassie
Registered Member
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1

No threats were found and it did not produce any logfile.

IE pages seem much better; they no longer seem to go back and restore themselves.
Old 03-18-2018, 05:46 PM   #8
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Lassie. Glad to hear it.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-us/...backup-restore

https://blogs.technet.com/b/keithmay...poftheday.aspx

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
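The MVPS HOSTS paragraph above describes how a blocking hosts file works: every listed name is mapped to a local or blackhole address, so the connection never leaves the machine. The same file is also a classic hijack point, where a name such as a bank or update server is mapped to an address elsewhere. The PowerShell below is an added example, not from the thread and not MVPS's own tooling: it parses a hosts file, counts the entries that point at local/blackhole addresses (0.0.0.0, 127.0.0.1 and ::1 are treated as such) and lists every entry that points anywhere else, which is what a reviewer wants to see after installing a large hosts file or when a browser misbehaves. The function name and the sample file contents are my own constructions.

```powershell
# Added example, not from the thread and not MVPS's own tooling. Parses a hosts
# file and separates blocking entries (local/blackhole targets) from entries
# that redirect a name to some other address.

function Get-HostsEntries {
    # Hypothetical helper name. Emits one object per (address, hostname) pair.
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")

    $local  = @('0.0.0.0', '127.0.0.1', '::1')   # targets that never leave the machine
    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        $text = ($line -split '#', 2)[0].Trim()    # drop comments and surrounding space
        if (-not $text) { continue }                # blank or comment-only line
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }        # an address with no names maps nothing
        $addr = $parts[0]
        $kind = if ($local -contains $addr) { 'Local' } else { 'External' }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Line = $lineNo; Address = $addr; Host = $name; Kind = $kind }
        }
    }
}

# Constructed sample (not a real hosts file) so the parser can be exercised offline.
$sample = @"
# constructed sample
127.0.0.1       localhost
0.0.0.0   ads.example.net  tracker.example.net    # typical blocklist line
198.51.100.7    www.bank.example                  # points somewhere external
"@
$tmp = Join-Path $env:TEMP 'hosts-sample.txt'
Set-Content -LiteralPath $tmp -Value $sample

$entries = Get-HostsEntries -Path $tmp
$entries | Group-Object Kind | Select-Object Name, Count      # Local: 3, External: 1
$entries | Where-Object Kind -eq 'External' | Format-Table -AutoSize

# The same check against the machine's real hosts file:
Get-HostsEntries | Where-Object Kind -eq 'External' | Format-Table -AutoSize
```

On a default Windows 8.1 install the real file contains only comments, so the last command prints nothing; after installing the MVPS file you should see thousands of Local entries and still no External ones. Any External row that you did not add yourself is the thing to look into.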
Old 03-21-2018, 05:42 AM   #9
Lassie
Registered Member
Join Date: Aug 2006
Location: NE Scotland
Posts: 54
OS: Windows 8.1

That's great, thanks for your help Chemist :)
Old 03-22-2018, 03:46 AM   #10
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

You're very welcome, Lassie! Glad to have helped.