Laptop really slow and won't allow me to run FRST


22 replies to this topic

#1 Jadedonentn

Posted 13 March 2015 - 03:06 PM

Hi! My laptop has become really slow. I ran the DDS scan and have that log. Also I can't do Windows Update: it installs them, but when it says it's configuring Windows it runs into a problem, then reverts and takes me back to the login screen. I downloaded and ran adware as well as the JRT, and both removed several items. Malwarebytes and Trend Micro's HouseCall both come up clean. My laptop ran a little better afterwards, but it's still really slow. Thank you in advance for any help! Here are my FRST logs:

 

 

 

 

It says it is too long... I hope it's OK that I'm just attaching both instead, sorry.

Edited by Jadedonentn, 13 March 2015 - 03:39 PM.


#2 olgun52

Posted 14 March 2015 - 06:53 AM

Hello Jadedonentn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

Posted 14 March 2015 - 07:38 AM

Hi Jadedonentn,

Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on DELETE
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


 


 


#4 Jadedonentn

Posted 14 March 2015 - 10:20 AM

Hi and thank you for your help! Here are the requested logs:

 

FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Brandi at 2015-03-14 08:48:45 Run:1
Running from C:\Users\Brandi\Desktop
Loaded Profiles: Brandi (Available profiles: Brandi & Shaun)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
 Task: {1C5B41E7-4714-4B27-8181-894EFE201D0D} - System32\Tasks\{265200F5-B792-476E-A5C3-5A36BECCDDD1} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.156.261&LastError=12007
Task: {DCF2EDA9-F75D-46E5-8C8A-FCE295E2CF5F} - System32\Tasks\{A496A969-FD00-406C-AB22-4647C986744F} => pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Brandi.job => C:\Users\Brandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Brandi.job => C:\Users\Brandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McAfee SiteAdvisor Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McMPFSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\mcmscsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNaiAnn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNASvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McODS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\mfefire
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2764179678-3319802143-1364906947-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {D6EE4713-780C-4AA9-A375-CF6F250614FA} URL = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6E22F757-1D63-43E0-8454-291583F79E20} URL = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2764179678-3319802143-1364906947-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
FF ProfilePath: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\vmn4luar.default-1426274548648
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.Retrogamer_2z.com/Plugin -> C:\Program Files (x86)\Retrogamer_2zEI\Installr\1.bin\NP2zEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Swiki_LI - C:\Program Files (x86)\Mozilla Firefox\extensions\swiki_li@swiki.com.xpi [2015-01-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\serach.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Trend Micro
2015-03-11 20:13 - 2015-03-11 20:13 - 00402656 _____ () C:\Users\Brandi\Downloads\msert(1).exe
2015-02-12 20:45 - 2015-02-12 20:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-11 16:31 - 2015-02-11 16:46 - 00000000 ____D () C:\15b6f2e68fb82f8b42df101f6af4
2015-03-13 13:43 - 2015-02-06 13:52 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Brandi.job
2015-02-13 18:10 - 2015-02-13 18:10 - 0000036 _____ () C:\Users\Brandi\AppData\Local\housecall.guid.cache
C:\Users\Brandi\LaunchMsi.exe
C:\Users\Brandi\AppData\Local\Temp\Quarantine.exe
C:\Users\Brandi\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:





*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C5B41E7-4714-4B27-8181-894EFE201D0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C5B41E7-4714-4B27-8181-894EFE201D0D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{265200F5-B792-476E-A5C3-5A36BECCDDD1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{265200F5-B792-476E-A5C3-5A36BECCDDD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCF2EDA9-F75D-46E5-8C8A-FCE295E2CF5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF2EDA9-F75D-46E5-8C8A-FCE295E2CF5F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A496A969-FD00-406C-AB22-4647C986744F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A496A969-FD00-406C-AB22-4647C986744F}" => Key deleted successfully.
C:\Windows\Tasks\ReclaimerUpdateFiles_Brandi.job => Moved successfully.
C:\Windows\Tasks\ReclaimerUpdateXML_Brandi.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McAfee SiteAdvisor Service => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McMPFSvc => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\mcmscsvc => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNaiAnn => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McNASvc => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McODS => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\McProxy => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\mfefire => Error: No automatic fix found for this entry.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2764179678-3319802143-1364906947-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D6EE4713-780C-4AA9-A375-CF6F250614FA}" => Key deleted successfully.
HKCR\CLSID\{D6EE4713-780C-4AA9-A375-CF6F250614FA} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6E22F757-1D63-43E0-8454-291583F79E20}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6E22F757-1D63-43E0-8454-291583F79E20} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
FF ProfilePath: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\vmn4luar.default-1426274548648 => Should not be moved.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.Retrogamer_2z.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\swiki_li@swiki.com.xpi => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpeeepmahhfjiediknjejcmcfmjcjdck" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkdkpmmkgdbglmfmmmmehbkmnkopingb" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
McComponentHostService => Service deleted successfully.
catchme => Service not found.
C:\Program Files (x86)\Trend Micro => Moved successfully.
C:\Users\Brandi\Downloads\msert(1).exe => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\15b6f2e68fb82f8b42df101f6af4 => Moved successfully.
"C:\Windows\Tasks\ReclaimerUpdateXML_Brandi.job" => File/Directory not found.
C:\Users\Brandi\AppData\Local\housecall.guid.cache => Moved successfully.
C:\Users\Brandi\LaunchMsi.exe => Moved successfully.
"C:\Users\Brandi\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Brandi\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => Removed 167 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:51:47 ====

 

 

 

# AdwCleaner v4.112 - Logfile created 14/03/2015 at 09:02:10
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Brandi - BRANDI-PC
# Running from : C:\Users\Brandi\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18751


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [305 bytes] - [12/03/2015 12:00:16]
AdwCleaner[R1].txt - [6220 bytes] - [12/03/2015 12:39:51]
AdwCleaner[R2].txt - [1058 bytes] - [12/03/2015 20:40:48]
AdwCleaner[R3].txt - [1085 bytes] - [14/03/2015 08:45:13]
AdwCleaner[R4].txt - [1144 bytes] - [14/03/2015 09:00:07]
AdwCleaner[S0].txt - [6254 bytes] - [12/03/2015 12:42:40]
AdwCleaner[S1].txt - [1127 bytes] - [12/03/2015 20:47:48]
AdwCleaner[S2].txt - [1072 bytes] - [14/03/2015 09:02:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1131  bytes] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Brandi on Sat 03/14/2015 at  9:09:17.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Brandi\AppData\Roaming\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/14/2015 at  9:15:09.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/14/2015
Scan Time: 9:16:43 AM
Logfile: malware log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.14.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brandi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415904
Time Elapsed: 55 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
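The FRST fixlist above removes a short list of persistence and policy locations: scheduled tasks whose action runs from a user profile path, the lists of services and startup entries parked by MSConfig, Internet Explorer policy restrictions and search scopes, and Chrome extensions registered machine-wide in the registry. The PowerShell audit below is an added example, not part of this thread and not FRST's own code; it enumerates the same locations read-only on a live host so the fix can be confirmed and anything similar that was missed can be spotted. It assumes an elevated PowerShell 3.0 or later session with English schtasks column names, and it also checks the Chrome ExtensionInstallForcelist policy key, which the fixlist did not cover.

```powershell
# Added example, not from the thread or from FRST: read-only audit of the persistence
# and policy locations the fixlist above touched. Assumes an elevated PowerShell 3.0+
# session on Windows 7 or later with English schtasks output. Nothing is modified.

function Get-RegistryValueRecords {
    # Emit one record per value under $Path, including values in subkeys.
    param([string]$Path, [string]$Check)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Check = $Check
                Item  = "$($key.Name)\$name"
                Value = [string]$key.GetValue($name)
            }
        }
    }
}

function Invoke-PersistenceAudit {
    $findings = @()

    # 1. Scheduled tasks (legacy .job files included) whose action runs from a
    #    user-writable path. FRST removed two such tasks under %AppData%\Real\...
    $userWritable = '(?i)\\Users\\|\\ProgramData\\|\\AppData\\|\\Temp\\'
    $tasks = @(schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv)
    foreach ($t in $tasks) {
        $action = $t.'Task To Run'
        if ($action -and $action -match $userWritable) {
            $findings += [pscustomobject]@{ Check = 'Task'; Item = $t.TaskName; Value = $action }
        }
    }

    # 2. Services and startup entries parked in MSConfig's disabled lists. Normal
    #    msconfig use creates these too, but security software sitting here (the
    #    McAfee services in the fixlist) means protection was switched off.
    foreach ($sub in 'services', 'startupreg') {
        $p = "HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\$sub"
        if (Test-Path -LiteralPath $p) {
            foreach ($k in @(Get-ChildItem -LiteralPath $p)) {
                $findings += [pscustomobject]@{ Check = "MSConfig\$sub"; Item = $k.PSChildName; Value = 'disabled' }
            }
        }
    }

    # 3. Internet Explorer policy restrictions. On a home PC with no domain policy,
    #    any value here needs an explanation.
    $findings += @(Get-RegistryValueRecords 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer' 'IE policy (HKLM)')
    $findings += @(Get-RegistryValueRecords 'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer' 'IE policy (HKCU)')

    # 4. IE search scopes: the URL each provider sends queries to.
    foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\SOFTWARE') {
        $p = "$hive\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path -LiteralPath $p)) { continue }
        foreach ($k in @(Get-ChildItem -LiteralPath $p -ErrorAction SilentlyContinue)) {
            $url = $k.GetValue('URL')
            if ($url) { $findings += [pscustomobject]@{ Check = 'SearchScope'; Item = $k.PSChildName; Value = $url } }
        }
    }

    # 5. Chrome extensions registered machine-wide. The ExtensionInstallForcelist
    #    policy key goes beyond the fixlist: it is another silent-install route.
    $chromeKeys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
    foreach ($k in $chromeKeys) { $findings += @(Get-RegistryValueRecords $k 'Chrome extension') }

    return $findings
}

Invoke-PersistenceAudit | Sort-Object Check, Item | Format-Table -AutoSize -Wrap
```

Run it before and after applying a fix: entries that are still present after FRST reports "Moved successfully" or "Key deleted successfully" point at something re-creating them, which is the case where a second-opinion rootkit scan is worth the time.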

 



#5 olgun52

Posted 14 March 2015 - 06:16 PM

Hi Jadedonentn,

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt
 
Step 2:
 
Please download and run RogueKiller 32/64 bit to your desktop.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7/8, right-click on the program, select Run as Administrator to start, and when prompted allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 



 


 


#6 Jadedonentn

Posted 14 March 2015 - 07:57 PM

Here are those logs:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/14/2015 07:49:26 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/14/2015 07:52:27 PM
Execution time: 0 hours(s), 4 minute(s), and 0 seconds(s)
 

 

 


Edited by Jadedonentn, 14 March 2015 - 08:20 PM.
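Rkill reported two things in the post above that are worth re-checking after the cleanup: Windows Defender switched off through the DisableAntiSpyware value, with the WinDefend service stopped and set to Manual, and the contents of the hosts file. The PowerShell snippet below is an added example, not from the thread and not Rkill's code; it reproduces both checks with built-in cmdlets. It assumes an elevated PowerShell 3.0 or later session, and the look-up of DisableAntiSpyware under the Policies key is an assumption beyond what Rkill printed (it is the other common place that switch is set).

```powershell
# Added example, not from the thread or from Rkill: re-check the two Rkill findings
# above with built-in cmdlets. Assumes an elevated PowerShell 3.0+ session. Read-only.

function Get-DefenderState {
    # Rkill flagged HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware = 1.
    # The Policies key is an assumption beyond the log: it is the other common
    # location for the same switch, written by group policy or AV installers.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $disabledBy = @(foreach ($k in $keys) {
        $v = (Get-ItemProperty -LiteralPath $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($v -eq 1) { $k }
    })
    # Win32_Service exposes StartMode (Auto/Manual/Disabled), which Get-Service in
    # PowerShell 3 and 4 does not.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    $state = 'not installed'; $startMode = 'n/a'
    if ($svc) { $state = $svc.State; $startMode = $svc.StartMode }
    [pscustomobject]@{
        DisableAntiSpywareSetIn = $disabledBy
        ServiceState            = $state
        ServiceStartMode        = $startMode
        Healthy                 = ($disabledBy.Count -eq 0 -and $state -eq 'Running' -and $startMode -eq 'Auto')
    }
}

function Get-HostsFileEntries {
    # Return every active hosts entry other than the loopback defaults. Rkill showed
    # only "127.0.0.1 localhost"; malware commonly adds security-vendor and update
    # domains here so that they resolve to 127.0.0.1.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $defaults = '127.0.0.1 localhost', '::1 localhost'
    foreach ($raw in @(Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue)) {
        $line = (($raw -replace '#.*$', '').Trim()) -replace '\s+', ' '
        if (-not $line -or $defaults -contains $line) { continue }
        $parts = $line -split ' ', 2
        [pscustomobject]@{ Address = $parts[0]; Names = $parts[1] }
    }
}

Get-DefenderState | Format-List
Get-HostsFileEntries | Format-Table -AutoSize
```

On a machine with a third-party antivirus installed, DisableAntiSpyware = 1 and a Manual WinDefend service are the expected state and not by themselves a sign of infection; the finding matters when no other product is present, or when the value comes back after it has been cleared.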


#7 olgun52

Posted 15 March 2015 - 06:57 AM

Rkill?
I did not want Rkill!

Please post RogueKiller.Log

 



 


 


#8 Jadedonentn

Posted 15 March 2015 - 07:04 AM

Sorry... it seems I downloaded the wrong thing. I'm downloading RogueKiller now and will post shortly, thank you!



#9 Jadedonentn

Posted 15 March 2015 - 07:34 AM

Help please... I ran RogueKiller, then closed the program when it finished without deleting anything, but it did not give me a log. I searched everywhere for the log but can't find one.



#10 Jadedonentn

Posted 15 March 2015 - 07:47 AM

I figured it out... here is the report:

 

 

 

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brandi [Administrator]
Started from : C:\Users\Brandi\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/15/2015  07:44:01

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 28 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\ReclaimerUpdateFiles_Brandi -- C:\Users\Brandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe (/UpdateFiles) -> Found
[Suspicious.Path] \\ReclaimerUpdateXML_Brandi -- C:\Users\Brandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe (/UpdateXML) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] a4d23e1f3c9f6ab870ac71a947ecc07a
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03152015_072545.log



#11 olgun52 (Malware Response Team)

Posted 15 March 2015 - 11:47 AM

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Please follow the below steps to disable "Teredo" and report whether it helps.
1- Open an elevated "command prompt"
http://www.bleepingcomputer.com/tuto...ommand-prompt/
2- Type the below commands exactly and press "Enter" key.
netsh interface teredo set state disabled
Reboot the system when completed.

----------------------------------------------------------------------------------------

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 


Best regards

#12 Jadedonentn (Topic Starter)

Posted 15 March 2015 - 03:50 PM

Here is the Combofix report:

ComboFix 15-03-14.03 - Brandi 03/15/2015  15:31:33.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2933.1822 [GMT -5:00]
Running from: c:\users\Brandi\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-15 to 2015-03-15  )))))))))))))))))))))))))))))))
.
.
2015-03-15 20:42 . 2015-03-15 20:42    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-03-15 20:42 . 2015-03-15 20:42    --------    d-----w-    c:\users\Shaun\AppData\Local\temp
2015-03-15 20:42 . 2015-03-15 20:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-03-15 12:08 . 2015-03-15 12:37    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-03-15 12:08 . 2015-03-15 12:27    --------    d-----w-    c:\programdata\RogueKiller
2015-03-14 23:30 . 2015-03-15 00:47    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-14 17:08 . 2015-03-14 17:09    --------    d-----w-    c:\users\Brandi\AppData\Roaming\PCDr
2015-03-14 17:05 . 2015-03-14 17:05    --------    d-----w-    c:\programdata\PCDr
2015-03-14 02:33 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2015-03-14 02:33 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2015-03-13 20:23 . 2015-03-14 15:40    --------    d-----w-    C:\FRST
2015-03-13 20:14 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2015-03-13 20:14 . 2014-07-09 01:31    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2015-03-13 20:14 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2015-03-13 20:14 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2015-03-13 20:14 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2015-03-13 20:14 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2015-03-13 20:14 . 2014-07-09 01:31    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
2015-03-13 20:13 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2015-03-13 20:13 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2015-03-13 20:13 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2015-03-13 20:13 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2015-03-13 20:01 . 2015-02-03 03:31    1424896    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-03-13 20:01 . 2015-02-03 03:12    1230848    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-03-13 20:00 . 2015-02-04 03:16    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-03-13 20:00 . 2015-02-04 02:54    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-03-13 14:50 . 2015-03-13 14:50    --------    d-----w-    c:\users\Brandi\AppData\Roaming\PDAppFlex
2015-03-12 20:51 . 2015-03-12 20:51    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2015-03-12 20:21 . 2015-03-12 20:39    --------    d-----w-    c:\program files\Adobe
2015-03-12 20:08 . 2015-03-12 20:47    --------    d-----w-    c:\program files\Common Files\Adobe
2015-03-12 19:55 . 2015-03-12 19:55    --------    d-----r-    c:\users\Brandi\Creative Cloud Files
2015-03-12 17:00 . 2015-03-14 14:02    --------    d-----w-    C:\AdwCleaner
2015-03-12 06:19 . 2015-02-03 03:19    663552    ----a-w-    c:\windows\system32\drivers\PEAuth.sys
2015-03-12 06:12 . 2015-02-03 03:31    215552    ----a-w-    c:\windows\system32\ubpm.dll
2015-03-12 06:11 . 2015-02-10 14:59    386048    ----a-w-    c:\windows\SysWow64\html.iec
2015-03-12 06:09 . 2015-01-17 02:48    1067520    ----a-w-    c:\windows\system32\msctf.dll
2015-03-12 06:09 . 2015-01-17 02:30    828928    ----a-w-    c:\windows\SysWow64\msctf.dll
2015-03-12 06:07 . 2015-02-26 03:25    3204096    ----a-w-    c:\windows\system32\win32k.sys
2015-03-12 03:29 . 2015-03-12 03:29    688992    ----a-w-    c:\program files\dds.com
2015-03-12 03:09 . 2015-03-12 03:09    388096    ----a-r-    c:\users\Brandi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2015-03-11 23:30 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2015-03-11 19:20 . 2015-03-11 19:20    --------    d-----w-    c:\programdata\Package Cache
2015-03-09 18:56 . 2015-01-09 03:14    950272    ----a-w-    c:\windows\system32\perftrack.dll
2015-03-09 18:56 . 2015-01-09 03:14    29696    ----a-w-    c:\windows\system32\powertracker.dll
2015-03-09 18:56 . 2015-01-09 03:14    91136    ----a-w-    c:\windows\system32\wdi.dll
2015-03-09 18:56 . 2015-01-09 02:48    76800    ----a-w-    c:\windows\SysWow64\wdi.dll
2015-03-01 19:13 . 2014-10-04 02:10    3722752    ----a-w-    c:\windows\system32\mstscax.dll
2015-03-01 19:13 . 2014-10-04 01:42    3221504    ----a-w-    c:\windows\SysWow64\mstscax.dll
2015-03-01 19:13 . 2014-10-04 01:42    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2015-03-01 19:13 . 2014-10-30 02:03    165888    ----a-w-    c:\windows\system32\charmap.exe
2015-03-01 19:13 . 2014-10-30 01:45    155136    ----a-w-    c:\windows\SysWow64\charmap.exe
2015-03-01 19:13 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2015-03-01 19:13 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2015-03-01 19:07 . 2013-10-12 02:30    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2015-03-01 19:07 . 2013-10-12 02:29    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2015-03-01 19:07 . 2013-10-12 02:29    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2015-03-01 19:07 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2015-03-01 19:07 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2015-03-01 19:07 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2015-03-01 19:07 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2015-02-17 20:26 . 2015-02-17 20:26    1217184    ----a-w-    c:\windows\SysWow64\FM20.DLL
2015-02-14 00:09 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2015-02-14 00:09 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2015-02-14 00:09 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2015-02-14 00:09 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2015-02-14 00:09 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2015-02-14 00:09 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2015-02-14 00:08 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2015-02-14 00:08 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2015-02-14 00:03 . 2014-10-14 02:13    683520    ----a-w-    c:\windows\system32\termsrv.dll
2015-02-14 00:03 . 2014-11-11 03:08    241152    ----a-w-    c:\windows\system32\pku2u.dll
2015-02-14 00:03 . 2014-11-11 02:44    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2015-02-14 00:03 . 2013-10-04 02:28    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2015-02-14 00:03 . 2013-10-04 02:25    197120    ----a-w-    c:\windows\system32\credui.dll
2015-02-14 00:03 . 2013-10-04 01:58    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2015-02-14 00:03 . 2013-10-04 01:56    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2015-02-14 00:02 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2015-02-14 00:02 . 2012-10-09 18:17    55296    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2015-02-14 00:02 . 2012-10-09 18:17    226816    ----a-w-    c:\windows\system32\dhcpcore6.dll
2015-02-14 00:02 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\SysWow64\dhcpcsvc6.dll
2015-02-14 00:02 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\SysWow64\dhcpcore6.dll
2015-02-14 00:01 . 2012-10-03 17:44    246272    ----a-w-    c:\windows\system32\netcorehc.dll
2015-02-14 00:01 . 2012-10-03 17:44    216576    ----a-w-    c:\windows\system32\ncsi.dll
2015-02-14 00:01 . 2012-10-03 17:42    569344    ----a-w-    c:\windows\system32\iphlpsvc.dll
2015-02-14 00:01 . 2012-10-03 16:42    175104    ----a-w-    c:\windows\SysWow64\netcorehc.dll
2015-02-14 00:01 . 2012-10-03 17:44    70656    ----a-w-    c:\windows\system32\nlaapi.dll
2015-02-14 00:01 . 2012-10-03 17:44    18944    ----a-w-    c:\windows\system32\netevent.dll
2015-02-14 00:01 . 2012-10-03 16:42    18944    ----a-w-    c:\windows\SysWow64\netevent.dll
2015-02-14 00:01 . 2012-10-03 16:07    45568    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2015-02-13 23:55 . 2014-06-18 02:19    503296    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-02-13 23:54 . 2014-02-04 02:35    190912    ----a-w-    c:\windows\system32\drivers\storport.sys
2015-02-13 23:54 . 2014-02-04 02:35    274880    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2015-02-13 23:54 . 2014-02-04 02:35    27584    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2015-02-13 23:54 . 2014-02-04 02:28    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2015-02-13 23:54 . 2014-02-04 02:00    2048    ----a-w-    c:\windows\SysWow64\iologmsg.dll
2015-02-13 23:52 . 2014-11-26 03:53    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2015-02-13 23:52 . 2014-11-26 03:32    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2015-02-13 23:52 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2015-02-13 23:52 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2015-02-13 23:50 . 2013-04-26 05:51    751104    ----a-w-    c:\windows\system32\win32spl.dll
2015-02-13 23:50 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2015-02-13 23:50 . 2014-06-06 10:10    624128    ----a-w-    c:\windows\system32\qedit.dll
2015-02-13 23:50 . 2014-06-06 09:44    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2015-02-13 23:50 . 2014-05-30 06:45    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2015-02-13 23:50 . 2013-06-25 22:55    785624    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2015-02-13 23:50 . 2013-09-08 02:27    327168    ----a-w-    c:\windows\system32\mswsock.dll
2015-02-13 23:50 . 2013-09-08 02:03    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2015-02-13 23:47 . 2014-10-03 02:12    2020352    ----a-w-    c:\windows\system32\WsmSvc.dll
2015-02-13 23:46 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2015-02-13 23:24 . 2014-07-17 02:07    455168    ----a-w-    c:\windows\system32\winlogon.exe
2015-02-13 23:21 . 2014-10-25 01:57    77824    ----a-w-    c:\windows\system32\packager.dll
2015-02-13 23:21 . 2014-10-25 01:32    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2015-02-13 23:21 . 2013-05-13 05:50    52224    ----a-w-    c:\windows\system32\certenc.dll
2015-02-13 23:21 . 2013-05-13 03:43    1192448    ----a-w-    c:\windows\system32\certutil.exe
2015-02-13 23:21 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2015-02-13 23:21 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2015-02-13 23:20 . 2014-01-24 02:37    1684928    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2015-02-13 23:20 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2015-02-13 23:20 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2015-02-13 22:56 . 2014-10-14 02:13    3241984    ----a-w-    c:\windows\system32\msi.dll
2015-02-13 22:56 . 2014-10-14 01:50    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2015-02-13 22:56 . 2014-06-03 10:02    1941504    ----a-w-    c:\windows\system32\authui.dll
2015-02-13 22:56 . 2014-06-03 09:29    1805824    ----a-w-    c:\windows\SysWow64\authui.dll
2015-02-13 22:56 . 2014-06-03 10:02    112064    ----a-w-    c:\windows\system32\consent.exe
2015-02-13 22:56 . 2014-06-03 10:02    504320    ----a-w-    c:\windows\system32\msihnd.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-14 23:30 . 2015-01-28 15:42    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-14 23:30 . 2015-01-28 15:41    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-03-13 22:51 . 2012-04-23 18:08    778928    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-13 22:51 . 2011-08-03 22:08    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 16:43 . 2010-12-21 02:57    122905848    ----a-w-    c:\windows\system32\MRT.exe
2015-02-13 09:15 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2015-02-13 09:15 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2015-01-18 11:24 . 2015-01-18 11:24    177752    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150309.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150313.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150313.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys;c:\windows\SYSNATIVE\drivers\vad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-13 23:03    1061704    ----a-w-    c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 22:51]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-13 22:51]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-13 22:51]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764179678-3319802143-1364906947-1001Core.job
- c:\users\Brandi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 22:21]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764179678-3319802143-1364906947-1001UA.job
- c:\users\Brandi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 22:21]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764179678-3319802143-1364906947-1003Core.job
- c:\users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 20:16]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764179678-3319802143-1364906947-1003UA.job
- c:\users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 20:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-02-11 20:13    997536    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-02-11 20:13    997536    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-02-11 20:13    997536    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: dell.com
Trusted Zone: microsoftlabsonline.com\moac
Trusted Zone: microsoftonlinelabs.com\www.moac
Trusted Zone: redlobster.com\mydish
Trusted Zone: usverify.com\secure
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FFE6EEBD-89C2-417B-AD84-669A17C0BAD2}: DhcpNameServer = 192.168.222.2
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\Brandi\Microsoft Office 15\root\office15\MSOSB.DLL
FF - ProfilePath - c:\users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\vmn4luar.default-1426274548648\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2764179678-3319802143-1364906947-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
Completion time: 2015-03-15  15:47:52
ComboFix-quarantined-files.txt  2015-03-15 20:47
ComboFix2.txt  2015-03-12 19:38
.
Pre-Run: 195,431,538,688 bytes free
Post-Run: 195,155,755,008 bytes free
.
- - End Of File - - 059E9FF09F0EBBA53D955CF5E75C85B2
 



#13 olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male

Posted 15 March 2015 - 04:53 PM

Hi Jadedonentn,

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 


Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!


#14 Jadedonentn

  • Topic Starter
  • Members
  • 12 posts

Posted 16 March 2015 - 06:23 AM

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Public\Util\DTChk.exe    Win32/Toolbar.DefaultTab.F potentially unwanted application



#15 olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male

Posted 16 March 2015 - 08:50 AM

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:
cmd /c del /a/f/q "C:\Users\Public\Util\DTChk.exe"
You should see a black DOS screen open momentarily. This is normal.
-------------------------------------------------------------------------------------------------
Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 73
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit) and save the file.
  • Close any programs you may have running - especially your web browser.
  • Please uninstall the older version in the process.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

-------------------------------------------------------------

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.00 (XI) to your PC's desktop.

  • Uninstall Adobe Reader X via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.


Edited by olgun52, 06 March 2016 - 09:50 PM.

Best regards