
Trojan.Hachilem detected Quarantined by Norton360


10 replies to this topic

#1 drews247

drews247

  • Members
  • 97 posts
  • OFFLINE
  • Local time:02:18 AM

Posted 01 January 2015 - 05:50 PM

Hi,

 

Today I was notified by Norton360 that on 12/13 it quarantined Trojan.Hachilem. I was wondering if I am still infected and what I can do to remove it completely.  I have WinPatrol and every time I reboot my computer WinPatrol alerts me to a new program that wants to run during my system startup.  It is an unknown program that is about 9 numbers. I keep blocking/denying it. I will post the exact numbers in a follow-up post next time I see it.  I have been suspicious, and should have done something when I first saw it.  

 

Thank you in advance for your help.

 

Happy New Year to all.

 

 




#2 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:18 AM

Posted 01 January 2015 - 06:09 PM

You might be able to find the startup by using CCleaner. Install CCleaner, open it and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top you will see buttons for each browser and Tasks. At the bottom right of the page you will see a button which, when clicked, will allow you to Copy and Paste the lists of Startups for Windows and for each of those buttons at the top you click on. Please post those lists of startups in your next post. If you recognize the culprit, simply click on it to highlight and then on the right choose to Disable or remove if offered.

 

During the install of CCleaner pay close attention and UNcheck any offers of toolbars...especially Google.

No need to use the Registry Cleaner Tool....risky.

CCleaner - PC Optimization and Cleaning - Free Download

 

It would be a good idea to use the programs below to scan your computer for adware and malware.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE MBAM LOG FOR REVIEW.

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
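As an added example (not code from the thread, from CCleaner, WinPatrol or any other tool named in it), this PowerShell script gathers the same startup inventory buddy215 asks for and flags the pattern drews247 describes, a startup entry whose name is nothing but digits. The flag rules, the six-digit threshold and the folder patterns are the editor's triage assumptions, and the script uses PowerShell 2.0-compatible syntax because the poster is on Windows 7 SP1.

```powershell
# Added example, not code from the thread or from CCleaner, WinPatrol or any tool named in it.
# Inventories the autorun locations CCleaner's Startups tab shows (Run/RunOnce keys, Startup
# folders, scheduled tasks) and flags entries worth a second look, above all a digit-only
# startup name. Run from an elevated prompt so HKLM keys and all tasks are readable.
# The flag rules (digit-only name, Temp/AppData/ProgramData origin, missing target, no valid
# Authenticode signature) are triage assumptions, not proof of malice: several OEM utilities
# in the poster's own list (e.g. TpShocks.exe) ship unsigned and will show up here.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Pull the program out of a command line. All three shapes occur in the poster's list:
#   "C:\x\y.exe" /MONITOR     C:\Program Files (x86)\x\y.exe     rundll32 C:\x\y.DLL,Entry
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($command -match '^\s*(.+?\.(exe|cmd|bat|vbs|js|lnk))(\s|$)') { return $matches[1] }
    return ($command.Trim() -split '\s+')[0]
}

# Bare names such as TpShocks.exe, KHALMNPR.EXE or rundll32 are located through PATH.
function Resolve-ExePath([string]$exe) {
    if (-not $exe) { return $null }
    if ($exe -match '^[A-Za-z]:\\' -or $exe.StartsWith('\\')) { return $exe }
    $cmd = @(Get-Command $exe -ErrorAction SilentlyContinue)
    if ($cmd.Count -gt 0 -and $cmd[0].Definition) { return $cmd[0].Definition }
    return $exe
}

function Test-Suspicious([string]$name, [string]$exe) {
    $reasons = @()
    if ($name -match '^\d{6,}$') { $reasons += 'digit-only name' }
    if ($exe -match '\\Temp\\|\\ProgramData\\[^\\]+$|\\AppData\\(Local|Roaming)\\[^\\]+$') {
        $reasons += 'runs from Temp, ProgramData or AppData root'
    }
    if (-not $exe) { $reasons += 'empty command' }
    elseif (-not (Test-Path -LiteralPath $exe)) { $reasons += 'target not found' }
    else {
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += 'no valid Authenticode signature' }
    }
    return ($reasons -join '; ')
}

$findings = @()
function Add-Finding($location, $name, $command) {
    $exe = Resolve-ExePath (Get-ExePath $command)
    $script:findings += New-Object PSObject -Property @{
        Location = $location; Name = $name; Command = $command
        Flags    = (Test-Suspicious $name $exe)
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        Add-Finding $key $p.Name ([string]$p.Value)
    }
}

$shell = New-Object -ComObject WScript.Shell
foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($item in @(Get-ChildItem -Path $folder -Force | Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' })) {
        $target = $item.FullName
        # Shortcuts (Bluetooth.lnk, Logitech SetPoint.lnk in the poster's list) are resolved to their target.
        if ($item.Extension -eq '.lnk') { $target = $shell.CreateShortcut($item.FullName).TargetPath }
        Add-Finding $folder $item.BaseName $target
    }
}

# Windows 7 has no Get-ScheduledTask cmdlet, so parse schtasks CSV output. schtasks repeats the
# header line for every task folder, so only the first copy is kept; built-in Microsoft tasks
# and COM-handler actions are skipped so the report stays on third-party entries.
$lines = @(schtasks /query /fo CSV /v 2>$null | Where-Object { $_ -match '^"' })
if ($lines.Count -gt 1) {
    $tasks = @($lines[0]) + @($lines | Where-Object { $_ -notmatch '^"HostName"' }) | ConvertFrom-Csv
    foreach ($t in $tasks) {
        if ($t.TaskName -like '\Microsoft\*' -or $t.'Task To Run' -match '^COM handler') { continue }
        Add-Finding 'Scheduled Task' ($t.TaskName -replace '^.*\\', '') $t.'Task To Run'
    }
}

$findings | Sort-Object Location, Name |
    Format-Table -AutoSize -Wrap Location, Name, Flags, Command
$flagged = @($findings | Where-Object { $_.Flags })
'{0} autorun entries inventoried, {1} flagged for review' -f $findings.Count, $flagged.Count
```

The Flags column is a prompt to look closer, not a verdict; an entry that is both digit-named and unsigned, or whose target no longer exists after the WinPatrol block, is the one to compare against the Norton quarantine record.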

#3 drews247

drews247
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  • Local time:02:18 AM

Posted 02 January 2015 - 06:31 AM

Hi,

 

Here are all of my logs.

 

CC Cleaner: I did not see anything out of the ordinary in the startup list. Here is my log:

orm Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
Yes HKCU:Run Uploader Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
Yes HKCU:Run WinPatrol Ruiware LLC C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run Cisco AnyConnect Secure Mobility Agent for Windows Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
Yes HKLM:Run CitrixReceiver "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
Yes HKLM:Run ConnectionCenter Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
Yes HKLM:Run DBAgent Seagate Technology LLC "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
Yes HKLM:Run EEventManager SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
Yes HKLM:Run Fastboot Lenovo C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
Yes HKLM:Run FUFAXSTM SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Kernel and Hardware Abstraction Layer Logitech, Inc. KHALMNPR.EXE
Yes HKLM:Run LENOVO.TPKNRRES Lenovo Group Limited C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
Yes HKLM:Run LWS Logitech Inc. C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run PWMTRV rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Yes HKLM:Run Redirector Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
No HKLM:Run SDTray Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TpShocks Lenovo. TpShocks.exe
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Yes Startup Common Logitech SetPoint.lnk Logitech, Inc. C:\Program Files\Logitech\SetPoint\SetPoint.exe
 
Yes Extension Blog This Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Yes Extension LastPass LastPass C:\Program Files (x86)\LastPass\LPToolbar.dll
Yes Extension LastPass LastPass C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
Yes Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
No Helper Groove GFS Browser Helper Microsoft Corporation C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
No Helper Groove GFS Browser Helper Microsoft Corporation C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Yes Helper LastPass Vault LastPass C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
No Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
No Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll
No Helper Norton Vulnerability Protection Symantec Corporation C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL
No Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
No Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
No Helper Symantec VIP Access Add-On Symantec Corporation C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
No Helper Symantec VIP Access Add-On Symantec Corporation C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
No Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Yes Toolbar LastPass Toolbar LastPass C:\Program Files (x86)\LastPass\LPToolbar.dll
Yes Toolbar LastPass Toolbar LastPass C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
No Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
No Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll
 
Yes Extension Adblock Plus 2.6.6 Wladimir Palant default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Yes Extension Ghostery 5.4.1 Ghostery, Inc. default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\firefox@ghostery.com.xpi
Yes Extension HTTPS-Everywhere 4.0.2 Mike Perry, Peter Eckersley, & Yan Zhu default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\https-everywhere@eff.org
Yes Extension LastPass 3.1.54 LastPass Dev Team default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\support@lastpass.com
Yes Extension Microsoft .NET Framework Assistant 1.3.1 Microsoft default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
Yes Extension Norton Toolbar 2014.7.10.12 Symantec Corporation default-1350010211715 Firefox 34.0.5 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
Yes Extension NoScript 2.6.9.7 Giorgio Maone default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
No Extension Symantec VIP Access Add-On 2.0.5.0 VeriSign default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Symantec\VIP Access Client
Yes Extension WOT 20131118 WOT Services Oy default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
Yes Extension Xmarks 4.3.6 Todd Agulnick default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\foxmarks@kei.com
Yes Plugin Adobe Acrobat 11.0.10.32 Adobe Systems Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Yes Plugin Citrix ICA Client 14.1.0.0 Citrix Systems, Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
Yes Plugin Citrix URL-Redirection Helper Plugin 14.1.0.0 Citrix Systems, Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
Yes Plugin Google Update 1.3.25.11 Google Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
Yes Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
Yes Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Yes Plugin Java Deployment Toolkit 7.0.710.14 10.71.2.14 Oracle Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
Yes Plugin Java™ Platform SE 7 U71 10.71.2.14 Oracle Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
Yes Plugin Microsoft Office 2010 14.0.4730.1010 Microsoft Corporation default-1350010211715 Firefox 34.0.5 C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
Yes Plugin Microsoft Office 2010 14.0.4761.1000 Microsoft Corporation default-1350010211715 Firefox 34.0.5 C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
Yes Plugin Nitro PDF plugin for Firefox and Chrome 3.5.2.10 Nitro PDF default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
Yes Plugin RIM Handheld Application Loader 7.1.0.22 Research In Motion default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
Yes Plugin Shockwave Flash 16.0.0.235 Adobe Systems Incorporated default-1350010211715 Firefox 34.0.5 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
Yes Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default-1350010211715 Firefox 34.0.5 c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes Plugin Windows Live Photo Gallery 15.4.3555.308 Microsoft Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
Yes App SlingPlayer Web Plug-in 2.4.0.113 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.113_0
Yes Extension Adblock Plus 1.8.8 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0
Yes Extension HTTPS Everywhere 2014.11.25 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.11.25_0
Yes Extension LastPass: Free Password Manager 3.1.77 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.77_0
Yes Extension Norton Identity Safe 1.0.5 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0
Yes Extension WOT 2.5.16 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0
Yes Extension Xmarks Bookmark Sync 1.0.28 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.28_0
No Plugin Adobe Acrobat 10.1.0.534 First user C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
Yes Plugin Chrome NaCl First user C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
Yes Plugin Chrome PDF Viewer First user C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
Yes Plugin Default Plug-in 1 First user default_plugin
Yes Plugin Google Update 1.3.21.57 First user C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
Yes Plugin Intel® Identity Protection Technology 2.0.59.0 First user C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
Yes Plugin Nitro PDF Plug-In 7.4.1.4 First user C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
Yes Plugin Norton Confidential 2012.1.0.30 First user C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
Yes Plugin Shockwave Flash 10,3,181,34 First user C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
Yes Plugin Silverlight Plug-In 4.0.50401.0 First user c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
Yes Plugin Windows Live Photo Gallery 15.4.3555.0308_ship.wlx.w4m4 (ship) First user C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DiskUpdate C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes Task Drew Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Users\Drew\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Drew.nji"
Yes Task Drew DBAgent 2 0 Seagate Technology LLC "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"
Yes Task Drew Merge Seagate Technology LLC "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" "C:\Users\Drew\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Drew Merge.nji"
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task PMTask Lenovo Group Limited C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
Yes Task Seagate_Install_Launch Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated \Program Files\Synaptics\SynTP\SynTPEnh.exe
Yes Task {3716F5F1-0938-4E3A-A352-7138CA78143F} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Drew\Downloads\win64_153329.exe -d C:\Users\Drew\Downloads
Yes Task {5E13B5BF-07DE-44AE-99D2-64F45465F560} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Drew\Downloads\windirstat1_1_2_setup.exe -d C:\Users\Drew\Downloads
 
Yes Directory DropboxExt Dropbox, Inc. C:\Users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
Yes Directory SkyDriveEx Microsoft Corporation C:\Users\Drew\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
Yes Drive Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\NavShExt.dll"
Yes File BUContextMenu Symantec Corporation C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll
Yes File DropboxExt Dropbox, Inc. C:\Users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
Yes File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
Yes File SDECon32 Safer-Networking Ltd. C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
Yes File SDECon64 Safer-Networking Ltd. C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
Yes File SkyDriveEx Microsoft Corporation C:\Users\Drew\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
Yes File SugarSync SugarSync, Inc. C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll
Yes File Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\NavShExt.dll"
Yes Folder BUContextMenu Symantec Corporation C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll
Yes Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder SDECon32 Safer-Networking Ltd. C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
Yes Folder SDECon64 Safer-Networking Ltd. C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
Yes Folder SugarSync SugarSync, Inc. C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll
Yes Folder Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\NavShExt.dll"
 
MBAM did not find anything.  
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/1/2015
Scan Time: 6:21:31 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.01.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Drew
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368942
Time Elapsed: 18 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner. This one didn't appear to take too long, but when the Clean button turned black and was available for me to click, the application still said pending. This was the log file when I clicked Clean. I think it was done even though it said pending. I tried rerunning it later and it came up with nothing and still said pending after multiple hours of run time.
# AdwCleaner v4.106 - Report created 01/01/2015 at 19:11:12
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Drew - DREW-THINKPADX
# Running from : C:\Users\Drew\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Partner Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\Util
File Deleted : C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\searchplugins\safesearch.xml
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=360&chn=retail&geo=US&ver=20&locale=en_US&tpr=111
[C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1660 octets] - [01/01/2015 18:47:35]
AdwCleaner[S0].txt - [1595 octets] - [01/01/2015 19:11:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1655 octets] ##########
 
 
I accidentally ran JRT the first time with Norton still on, so I reran it with it turned off. When I ran it with Norton on, it found some stuff, but I do not think it was anything serious. When I reran it, it looks like it overwrote the first text file. The second run did not find anything.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Drew on Thu 01/01/2015 at 20:33:58.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/01/2015 at 20:38:07.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET. This took a really long time to complete. Well over 2.5 hours. I do not know if that is typical.
E:\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\b2bfba90-483b-4330-b6b3-81f984690bb2\20140825_195230_DrewInc42\E\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\b2bfba90-483b-4330-b6b3-81f984690bb2\20140804_205818_DrewInc39\C\Users\Drew\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\b2bfba90-483b-4330-b6b3-81f984690bb2\20140825_195230_DrewInc42\E\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\b2bfba90-483b-4330-b6b3-81f984690bb2\20140804_205818_DrewInc39\C\Users\Drew\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\b2bfba90-483b-4330-b6b3-81f984690bb2\20140825_195230_DrewInc42\E\Seagate Dashboard 2.0\DREW-THINKPADX\Drew\Backup\b2bfba90-483b-4330-b6b3-81f984690bb2\20140804_205818_DrewInc39\C\Users\Drew\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
 
Thanks
 
 


#4 buddy215 (Moderator, 13,198 posts, West Tennessee)

Posted 02 January 2015 - 10:45 AM

Suggest you uninstall Spybot S&D.....it has lost favor among security pros.

 

Disable these startups:  (click to highlight each item in CCleaner then on the right choose disable)

CCleaner64.exe" /MONITOR

Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

The Seagate Dashboard seems to be an in-the-cloud service for sharing files and backing up data. If you have no use for that, then disable all of the Seagate Dashboard items. Note that Google adware is included in that service.

Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

Yes HKLM:Run CitrixReceiver "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" (Unless you installed and use)
Yes HKLM:Run ConnectionCenter Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup (Unless you installed and use)
Yes HKLM:Run EEventManager SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
Yes HKLM:Run FUFAXSTM SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Redirector Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup (Unless you installed and use)
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
Disable ALL startups listed for IE
 
Disable these Firefox startups:
Yes Extension Microsoft .NET Framework Assistant 1.3.1 Microsoft default-1350010211715 Firefox 34.0.5 C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\9dezfyrr.default-1350010211715\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
Yes Extension Norton Toolbar 2014.7.10.12 Symantec Corporation default-1350010211715 Firefox 34.0.5 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
Yes Plugin Google Update 1.3.25.11 Google Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Yes Plugin Adobe Acrobat 11.0.10.32 Adobe Systems Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Yes Plugin Citrix ICA Client 14.1.0.0 Citrix Systems, Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
Yes Plugin Citrix URL-Redirection Helper Plugin 14.1.0.0 Citrix Systems, Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
Yes Plugin Google Update 1.3.25.11 Google Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Yes Plugin Java Deployment Toolkit 7.0.710.14 10.71.2.14 Oracle Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
Yes Plugin Java™ Platform SE 7 U71 10.71.2.14 Oracle Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

Old Java programs are malware magnets. Most don't need Java. Use CCleaner to Uninstall Java...Tools > Uninstall> click to highlight old Java > uninstall

Yes Plugin Nitro PDF plugin for Firefox and Chrome 3.5.2.10 Nitro PDF default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll

(Firefox has its own PDF reader)

Yes Plugin RIM Handheld Application Loader 7.1.0.22 Research In Motion default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

Yes Plugin Windows Live Photo Gallery 15.4.3555.308 Microsoft Corporation default-1350010211715 Firefox 34.0.5 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
Disable these Chrome startups:
Yes App SlingPlayer Web Plug-in 2.4.0.113 Default C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.113_0

Yes Plugin Nitro PDF Plug-In 7.4.1.4 First user C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

Yes Plugin Windows Live Photo Gallery 15.4.3555.0308_ship.wlx.w4m4 (ship) First user C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

 

Disable these Tasks: (Unless you installed and use the Seagate Dashboard cloud services)

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DiskUpdate C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes Task Drew Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Users\Drew\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Drew.nji"
Yes Task Drew DBAgent 2 0 Seagate Technology LLC "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"
Yes Task Drew Merge Seagate Technology LLC "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" "C:\Users\Drew\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Drew Merge.nji"
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpd

Yes Task Seagate_Install_Launch Seagate Technology LLC C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
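The post above works through the HKCU:Run / HKLM:Run entries and the scheduled tasks one by one in CCleaner. The PowerShell script below is an added example, not code from the thread or from CCleaner: it enumerates those same autostart locations, resolves each command line to its executable, and flags entries whose file is missing, whose Authenticode signature is not valid, or whose name is all digits (like the unknown numeric startup entry the original poster described). It assumes Windows 8 or later (for Get-ScheduledTask) and an elevated session.

```powershell
# Added example: review Run-key and scheduled-task autostarts the way the
# CCleaner "Startups" and "Tasks" tabs present them, with signature checks.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a command line such as
#   "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
function Get-ExePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.exe)')  { return $Matches[1] }
    return $CommandLine.Trim()
}

# Build one report row per autostart entry, with a comma-separated Flags column.
function Test-AutostartEntry([string]$Source, [string]$Name, [string]$CommandLine) {
    $exe       = [Environment]::ExpandEnvironmentVariables((Get-ExePath $CommandLine))
    $flags     = @()
    $publisher = ''
    if ($Name -match '^\d+$') { $flags += 'numeric-name' }   # e.g. an unknown 9-digit entry
    if (-not (Test-Path -LiteralPath $exe)) {
        $flags += 'file-missing'                             # orphaned entry, target is gone
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
        if ($sig.Status -ne 'Valid') { $flags += "signature:$($sig.Status)" }
        if ($sig.SignerCertificate)  { $publisher = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Path      = $exe
        Publisher = $publisher
        Flags     = ($flags -join ',')
    }
}

# Registry Run / RunOnce keys (what CCleaner labels HKLM:Run and HKCU:Run).
$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own metadata
        Test-AutostartEntry -Source $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
})

# Enabled scheduled tasks with an executable action (the "Tasks" tab).
$results += @(foreach ($task in (Get-ScheduledTask | Where-Object State -ne 'Disabled')) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            Test-AutostartEntry -Source "Task:$($task.TaskPath)" -Name $task.TaskName -CommandLine $action.Execute
        }
    }
})

# Flagged entries first, so unsigned, orphaned or oddly named autostarts stand out.
$results | Sort-Object { $_.Flags -eq '' }, Source | Format-Table -AutoSize
```

Entries from well-known vendors that carry a valid signature still deserve a look if they are not in use, but the flagged rows are the ones to investigate before disabling anything.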

#5 drews247 (Topic Starter, Members, 97 posts)

Posted 03 January 2015 - 12:44 AM

Hi,

 

I uninstalled Spybot. I now just have MBAM and SuperAntiSpyware for antimalware in addition to Norton360. What do you think of SuperAntiSpyware?

 

In regards to the startups:

I kept the Citrix, Seagate (because I use it for auto backup on my external drive) and Seiko (used for my Epson printer). I disabled the rest. I was not able to disable the Slingplayer for Chrome. CC said that some of the selected items cannot be disabled because they may be protected by the browser. Does that sound right to you?

 

What should I do next?

 

Thanks so much. 



#6 buddy215 (Moderator, 13,198 posts, West Tennessee)

Posted 03 January 2015 - 08:37 AM

SAS enjoys a good reputation. I think the consensus is that MBAM has the edge. I wouldn't recommend the need for more than one of those to be active and in startup....a waste of resources and possibly a conflict.

 

There is a way to disable Sling player plugin or any plugin in Google Chrome. QUOTE: Plug-ins - Chrome Help

You can also completely disable specific plug-ins. Unlike blocked plug-ins, you won’t be able to allow the plug-in to run on a given page. When you visit a page with a disabled plug-in, you’ll see the message “Missing plug-in” appear in its place.

To disable plug-ins, visit the Plug-ins page at chrome://plugins/. Find the plug-in you’d like to disable and click Disable. You can also re-enable disabled plug-ins on this page.

You can also reach the Plug-ins page by clicking Disable individual plug-ins in the "Plug-ins" section of the Content Settings dialog.

 

Go to downloads and delete all of the CCleaner installer files....the .exe ones.

 

 



#7 drews247 (Topic Starter, Members, 97 posts)

Posted 04 January 2015 - 03:58 PM

Do you see both SAS and MBAM running at Startup on my machine? Is it okay to have them both and just use them on an on-demand basis?

 

What do you mean by delete the CCleaner installer files? I just went to the downloads folder and deleted all of the files that were applications.  Is that the same thing?

 

Is Yes HKLM:Run Cisco AnyConnect Secure Mobility Agent for Windows Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized used for anything besides remote VPN? I do not use the VPN for a former application any more and would like to disable this, but I want to make sure it will not affect anything else.

 

Is there anything else I need to do? Did Norton pretty much protect me from the trojan, and what we are doing now is just cleanup and streamlining? 

 

Thanks



#8 buddy215 (Moderator, 13,198 posts, West Tennessee)

Posted 04 January 2015 - 04:50 PM

If I were using Windows I would want either MBAM or SAS running in the background. In other words, I would purchase one.

If you deleted the CCleaner downloads...the CCleaner files used to install...then that is what I suggested to do. The CCleaner.exe downloaded files.

 

Norton seems to have helped.

 

Cisco AnyConnect Secure Mobility Solution At-a-Glance - at_a_glance_c45-578609.pdf

QUOTE:

Empower your employees to work from anywhere, on corporate laptops as well as personal mobile devices regardless of physical location. And provide the security necessary to help ensure that your organization’s data is safe and protected. That’s what you get with the Cisco AnyConnect® Secure Mobility Solution (Figure 1). Cisco AnyConnect is a unified agent that delivers multiple security services to help enable and protect the enterprise.

 

I think you are good to go. Enjoyed working with you....happy surfin'



#9 drews247 (Topic Starter, Members, 97 posts)

Posted 04 January 2015 - 04:59 PM

Thank you so much for your help!!!!!!  Pleasure working with you too.  



#10 drews247 (Topic Starter, Members, 97 posts)

Posted 04 January 2015 - 05:02 PM

One more question...Should I delete any of the applications that I downloaded? I already had CCleaner and MBAM. I like them both a lot.  I will look into purchasing the paid version of MBAM. I have free versions of CCleaner, MBAM and SAS. But what about all of the other programs we installed throughout this process?  Is there anything I need to do to delete or uninstall them?

 

Thanks.



#11 buddy215 (Moderator, 13,198 posts, West Tennessee)

Posted 04 January 2015 - 05:48 PM

If you decide to scan later with AdwCleaner or JRT they both will update before scanning. Or you can remove them.

 

Eset you can uninstall.

