uninstall PCDr\6426


  • This topic is locked
22 replies to this topic

#1 kevlin94

  • Members
  • 14 posts

Posted 24 March 2014 - 06:36 PM

I am having a heck of a time getting rid of this malware. It keeps popping back, even after I run ComboFix.

This is my last run of ComboFix:

ComboFix 14-03-24.01 - kturner 03/24/2014  14:32:59.14.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16257.13189 [GMT -7:00]
Running from: c:\users\kturner.LEHR\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\root\AppData\Local\temp
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\Kturner\AppData\Local\temp
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\kevinadmin\AppData\Local\temp
2014-03-24 21:38 . 2014-03-24 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-24 19:09 . 2014-03-24 19:09 -------- d-----w- c:\users\kturner.LEHR\AppData\Roaming\DigitalSites
2014-03-24 19:04 . 2014-03-24 19:15 -------- d-----w- c:\programdata\Fighters
2014-03-24 18:08 . 2014-03-24 21:17 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-24 18:07 . 2014-03-24 18:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-24 18:07 . 2014-03-24 18:07 -------- d-----w- c:\programdata\Malwarebytes
2014-03-24 18:07 . 2014-03-05 16:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-24 18:07 . 2014-03-05 16:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-24 18:07 . 2014-03-05 16:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-23 22:11 . 2014-03-23 22:11 -------- d-----w- c:\programdata\PCDr
2014-03-20 17:31 . 2014-03-20 17:31 -------- d-----w- c:\windows\SysWow64\NV
2014-03-20 17:31 . 2014-03-20 17:31 -------- d-----w- c:\windows\system32\NV
2014-03-20 17:23 . 2012-12-05 03:38 246784 ----a-w- c:\windows\system32\HP2030LM.DLL
2014-03-20 17:23 . 2012-12-05 03:35 131072 ----a-w- c:\windows\system32\HPMCoSetup.dll
2014-03-20 17:23 . 2012-12-03 23:07 182272 ----a-w- c:\windows\system32\hpsfs.dll
2014-03-20 16:39 . 2014-03-24 21:16 -------- d-----w- c:\windows\Migration
2014-03-20 16:37 . 2013-10-15 01:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-03-20 16:14 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-03-20 16:14 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-03-20 16:14 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-20 16:14 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-03-20 16:14 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-03-20 16:12 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-03-20 16:12 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-03-20 16:12 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2014-03-20 16:12 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2014-03-20 16:12 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-03-20 16:12 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2014-03-20 16:12 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-03-20 16:11 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-20 16:11 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-20 16:11 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-20 16:11 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-03-20 16:11 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-03-20 16:11 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-03-20 16:11 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-20 16:11 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-03-20 15:50 . 2014-03-17 17:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28CCB787-00BD-4CD5-A946-013B52EF9909}\mpengine.dll
2014-03-20 15:19 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-20 15:19 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-20 15:19 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-03-20 15:19 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-20 15:19 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-03-20 15:19 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-03-19 22:08 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-19 22:08 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-19 22:08 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-19 22:08 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 17:09 . 2014-03-12 17:09 -------- d-----w- c:\windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2014-03-12 17:09 . 2011-07-16 04:31 22128 ----a-w- c:\windows\system32\drivers\stdcfltn.sys
2014-03-12 17:01 . 2013-09-12 18:55 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-03-12 16:58 . 2010-09-15 23:00 17776 ----a-w- c:\windows\EvtMessage.dll
2014-03-12 16:58 . 2013-05-21 20:04 496432 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2014-03-12 16:58 . 2013-03-01 02:29 116056 ----a-w- c:\windows\system32\Vxdif.dll
2014-03-12 16:56 . 2013-03-27 22:59 89312 ----a-w- c:\windows\system32\drivers\ST_Accel.sys
2014-03-12 16:56 . 2013-03-27 22:57 66640 ----a-w- c:\windows\system32\stdcfltnco05.dll
2014-03-12 16:54 . 2013-02-23 01:40 792560 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2014-03-12 16:54 . 2013-02-23 01:40 358896 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2014-03-12 16:54 . 2013-02-23 01:40 20464 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2014-03-12 16:53 . 2013-08-16 10:21 551936 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2014-03-12 16:53 . 2014-03-12 16:54 -------- d-----w- c:\program files\IDT
2014-03-12 16:53 . 2013-08-16 10:21 697856 ------w- c:\windows\system32\stapi64.dll
2014-03-12 16:53 . 2013-08-16 10:21 499200 ----a-w- c:\windows\system32\stcplx64.dll
2014-03-12 16:53 . 2013-08-16 10:21 256000 ----a-w- c:\windows\system32\st646491.dll
2014-03-12 16:53 . 2013-08-16 10:21 2213376 ----a-w- c:\windows\system32\stapo64.dll
2014-03-12 16:25 . 2014-03-12 17:01 -------- d-----w- c:\users\kturner.LEHR\AppData\Local\Dell
2014-03-12 16:22 . 2014-03-12 16:22 -------- d-----w- c:\users\kturner.LEHR\AppData\Local\Microsoft Corporation
2014-03-12 16:18 . 2014-03-12 16:18 -------- d-----w- c:\users\kturner.LEHR\AppData\Roaming\Dell
2014-03-12 16:18 . 2014-03-12 16:18 -------- d-----w- c:\program files\Dell Support Center
2014-03-12 16:17 . 2014-03-12 16:18 -------- d-----w- c:\program files\My Dell
2014-03-12 16:14 . 2014-03-12 16:14 -------- d-----w- c:\users\kturner.LEHR\AppData\Roaming\PCDr
2014-03-12 15:53 . 2014-03-12 15:53 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2014-03-07 16:43 . 2014-03-07 16:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-07 16:43 . 2014-03-07 16:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-07 16:43 . 2014-03-07 16:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-07 16:43 . 2014-03-07 16:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-07 16:43 . 2014-03-07 16:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-07 16:42 . 2014-03-07 16:43 -------- d-----w- c:\program files (x86)\QuickTime
2014-02-28 19:08 . 2014-02-28 19:08 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-28 19:08 . 2014-02-28 19:08 -------- d-----w- c:\program files\iTunes
2014-02-28 19:08 . 2014-02-28 19:08 -------- d-----w- c:\program files (x86)\iTunes
2014-02-28 19:08 . 2014-02-28 19:08 -------- d-----w- c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 16:32 . 2012-12-10 04:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:32 . 2012-12-10 04:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-02 21:05 . 2013-07-10 21:53 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-02-11 21:08 . 2014-02-11 20:53 88984 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys
2014-02-11 17:32 . 2014-02-11 17:32 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-02-11 17:32 . 2014-02-11 17:32 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-02-11 17:32 . 2014-02-11 17:32 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-02-11 17:32 . 2014-02-11 17:32 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-02-11 17:32 . 2014-02-11 17:32 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-02-11 17:32 . 2014-02-11 17:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-02-11 17:32 . 2014-02-11 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-02-11 17:32 . 2014-02-11 17:32 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-02-11 17:32 . 2014-02-11 17:32 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-02-11 17:32 . 2014-02-11 17:32 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-02-11 17:32 . 2014-02-11 17:32 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-02-11 17:32 . 2014-02-11 17:32 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-02-11 17:32 . 2014-02-11 17:32 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-02-11 17:32 . 2014-02-11 17:32 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-02-11 17:32 . 2014-02-11 17:32 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-02-11 17:32 . 2014-02-11 17:32 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-02-11 17:32 . 2014-02-11 17:32 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-02-11 17:32 . 2014-02-11 17:32 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-02-11 17:32 . 2014-02-11 17:32 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-02-11 17:32 . 2014-02-11 17:32 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-02-11 17:32 . 2014-02-11 17:32 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-02-11 17:32 . 2014-02-11 17:32 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-02-11 17:32 . 2014-02-11 17:32 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-02-11 17:32 . 2014-02-11 17:32 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-02-11 17:32 . 2014-02-11 17:32 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-02-11 17:32 . 2014-02-11 17:32 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-11 17:32 . 2014-02-11 17:32 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-28 16:43 . 2014-01-28 16:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-28 16:43 . 2014-01-28 16:43 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-28 16:43 . 2014-01-28 16:43 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-01-28 16:43 . 2014-01-28 16:43 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-28 16:43 . 2014-01-28 16:43 189352 ----a-w- c:\windows\system32\java.exe
2014-01-28 16:43 . 2014-01-28 16:43 973736 ----a-w- c:\windows\system32\deployJava1.dll
2014-01-25 22:50 . 2013-03-15 03:43 608 --sha-w- c:\windows\system32\winzvprt5.sys
2014-01-18 00:24 . 2014-01-18 00:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-18 00:24 . 2014-01-18 00:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}]
2013-03-19 04:14 708168 ----a-w- c:\progra~2\MAPSGA~2\bar\1.bin\39bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
c:\users\kturner.LEHR\AppData\Local\SySaver\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]
c:\users\kturner.LEHR\AppData\Local\ArcadeParlor\Arcadeparlor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}]
2013-03-19 04:14 62864 ----a-w- c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{364ea597-e728-4ce4-bb4a-ed846ef47970}"= "c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll" [2013-03-19 708168]
.
[HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\kturner.LEHR\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2012-08-29 95744]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
"DellSystemDetect"="c:\users\kturner.LEHR\AppData\Local\Apps\2.0\0NWE60W6.N4K\9HOWOBAM.ZW5\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe" [2014-03-12 253952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-23 292088]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2012-07-18 313248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-18 421888]
.
c:\users\kevinadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\users\Kturner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\users\kturner.LEHR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2012-8-29 656896]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Automation Anywhere Event Watcher.lnk - c:\program files (x86)\Automation Anywhere 7.0\AutomationEventWatcher.exe [2013-8-19 679936]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-22 1380128]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2013-7-2 1283944]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-12-18 9894256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4220197171-1879147507-368003134-1148\Scripts\Logon\0\0]
"Script"=Login Script for L Share.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4220197171-1879147507-368003134-1659\Scripts\Logon\0\0]
"Script"=Login Script for L Share.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4220197171-1879147507-368003134-1678\Scripts\Logon\0\0]
"Script"=Login Script for L Share.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AAPIPAutologinService;Automation Anywhere Auto Login Service;c:\program files (x86)\Automation Anywhere 7.0\AAAutoLoginService.exe;c:\program files (x86)\Automation Anywhere 7.0\AAAutoLoginService.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LTService;QuickITPros Monitoring Service;c:\windows\LTSvc\LTSVC.exe;c:\windows\LTSvc\LTSVC.exe [x]
S2 LTSvcMon;QuickITPros Monitoring Service CheckUp Util;c:\windows\LTsvc\LTSvcMon.exe;c:\windows\LTsvc\LTSvcMon.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SCAppMgr;Smart Client Manager;c:\program files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe;c:\program files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 16:47 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-10 16:32]
.
2014-03-24 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-4220197171-1879147507-368003134-1659.job
- c:\users\kturner.LEHR\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-17 18:46]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 04:16]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 04:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\kturner.LEHR\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-08-24 4805936]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-10-24 2919168]
"HP LJ300-400 color MFP M375-M475 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2011-12-12 3706424]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-16 1703424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 442352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-12-04 2747680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;<local>
uSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: dell.com
Trusted Zone: docmagic.com\www
Trusted Zone: hola.org
Trusted Zone: pcmloan.com\los
TCP: DhcpNameServer = 192.168.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4220197171-1879147507-368003134-1659\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*p*d*f*XCOORD\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-24  14:39:47
ComboFix-quarantined-files.txt  2014-03-24 21:39
ComboFix2.txt  2014-03-24 21:04
ComboFix3.txt  2014-03-24 18:57
ComboFix4.txt  2014-03-24 17:35
ComboFix5.txt  2014-03-24 21:32
.
Pre-Run: 373,443,002,368 bytes free
Post-Run: 373,114,097,664 bytes free
.
- - End Of File - - 0F7AF3A6A2D8871E345D6EA41B424ABE

I have also run Malwarebytes.

I need help; what can I do to get rid of this?


Edited by Chris Cosgrove, 24 March 2014 - 07:07 PM.
Moved to Virus, Trojan, Spyware, and Malware Removal Logs




#2 fireman4it

fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 March 2014 - 11:12 PM

Hello kevlin94,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1.
Download AdwCleaner
  • Double-click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right-click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once the scan completes, click Clean to remove anything found.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

2.
Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

3.
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things to include in your next reply:
  AdwCleaner[S1].txt
  JRT.txt
  FRST.txt
  Addition.txt
  How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 11:17 AM

I have run and attached the scan results. My PC has allowed me to run Google again. It seems to be running better.

Attached Files



#4 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 11:24 AM

PCDr\6426 is still in my ProgramData directory.



#5 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 11:25 AM

Thank you for your help.



#6 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 11:27 AM

I was able to run Google, but that has since stopped.



#7 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 12:52 PM

Google has started working again.



#8 fireman4it

fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 March 2014 - 12:59 PM

1.

Uninstalling A Program Through "Add/Remove"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

Snap.Do Engine

Additional instructions can be found here if needed.

2.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (1.64KB)

How is the machine running now?


Edited by fireman4it, 25 March 2014 - 01:01 PM.



#9 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 01:17 PM

I am having difficulties uninstalling Snap.Do Engine. I went to Control Panel, Programs and Features, Uninstall or Change a Program, right-clicked on Snap.Do Engine, clicked on Uninstall/Change, and nothing happens.



#10 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 01:22 PM

Please advise if I should run Step 2.  I have downloaded the file.



#11 fireman4it

fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 March 2014 - 01:48 PM

Go ahead with step 2 and let me know how the machine is running.




#12 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 01:51 PM

I have run step 2 and the machine is running.

I rebooted the computer.



#13 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 01:52 PM

At reboot, I didn't get my local profile screen; then I rebooted again and got my profile login and screen.



#14 fireman4it

fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 March 2014 - 02:00 PM

Can you please have patience and post the Fixlog.txt that FRST created when it ran?




#15 kevlin94

kevlin94
  • Topic Starter
  • Members
  • 14 posts

Posted 25 March 2014 - 02:03 PM

This is the one that was generated.

Attached Files





