
Google Chrome Infected with Hao.360.cn


  • This topic is locked
18 replies to this topic

#1 AustinAndrews

AustinAndrews

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:13 AM

Posted 03 May 2015 - 03:04 AM

I made another topic where this friendly young lady helped me.

Link for topic: http://www.bleepingcomputer.com/forums/t/574666/hao360cn-has-infected-my-computer/?p=3696844

 

I've tried deleting the shortcut and it seems to have worked until I reboot. It keeps making Google Chrome settings restart and turns the language to Chinese, which is pretty annoying.

 

Attached File  FRST.txt   43.83KB   4 downloads

Attached File  Addition.txt   35.7KB   4 downloads

 
 



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:13 PM

Posted 07 May 2015 - 02:59 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).


Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 AustinAndrews


Posted 07 May 2015 - 04:15 PM

I share this laptop with my older brothers. Is there any way I could find out which software is illegal/cracked so I could remove it? (after asking them ofc)



#4 deeprybka


Posted 07 May 2015 - 04:22 PM

Step 1
 

Download CKScanner from here

Important: Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and attach the log file in your next reply.

regards,
deeprybka

#5 AustinAndrews


Posted 07 May 2015 - 05:24 PM

Alrighty, thanks. I already finished the first scan. Do I have to redo it once I uninstall the illegal/cracked software? It might take a while because my brother comes home from work at 8:30ish.



#6 deeprybka


Posted 07 May 2015 - 05:26 PM

Ok. Afterwards please proceed with step 1 (combofix).


regards,
deeprybka

#7 AustinAndrews


Posted 07 May 2015 - 05:58 PM

CKScanner won't respond. When I click Search For Files it goes unresponsive. I saved it to the desktop. Do I also run it as administrator?



#8 deeprybka


Posted 08 May 2015 - 03:18 AM

Yes, please.


regards,
deeprybka

#9 AustinAndrews


Posted 08 May 2015 - 01:17 PM

It's still unresponsive. Is there anything else?



#10 deeprybka


Posted 08 May 2015 - 01:18 PM

Please go ahead and run combofix.


regards,
deeprybka

#11 AustinAndrews


Posted 08 May 2015 - 04:38 PM

Ahh, I left it for an hour and it decided to work! :D

 

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1.ac
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1.kfm
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1.nif
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsattack1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsattack2.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsbwait1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbscridamage1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsdamage1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsdie1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsmagic1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbstired1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbswait1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbswalk1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2.ac
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2.kfm
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2.nif
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsattack1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsattack2.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsbwait1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbscridamage1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsdamage1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsdie1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsmagic1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbstired1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbswait1.kf
c:\nexon\library\atlantica\appdata\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbswalk1.kf
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackekf11.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackekf12.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackekf13.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackekf14.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf1.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf10.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf11.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf12.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf2.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf3.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf4.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf5.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf6.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf7.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf8.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\nutcrackerf9.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\popnutcrackerf1.xml
c:\nexon\library\atlantica\appdata\nchar3d\preset\popnutcrackerf4.xml
c:\nexon\library\atlantica\appdata\nchar3d\texture\monster\nutcrackerf1_map00.dds
c:\nexon\library\atlantica\appdata\nchar3d\texture\monster\nutcrackerf1_map01.dds
c:\nexon\library\atlantica\appdata\nchar3d\texture\monster\nutcrackerf1_map02.dds
c:\nexon\library\atlantica\appdata\nchar3d\texture\monster\nutcrackerf2_map00.dds
c:\nexon\library\atlantica\appdata\nchar3d\texture\monster\nutcrackerf2_map01.dds
c:\nexon\library\atlantica\appdata\nchar3d\texture\monster\nutcrackerf2_map02.dds
c:\nexon\library\atlantica\appdata\nmap\hwangho1\defaulttexture\dun_hwangho1_crack.dds
c:\nexon\library\atlantica\appdata\nmap\hwangho1\lowertexture\dun_hwangho1_crack.dds
c:\nexon\library\atlantica\appdata\nmap\hwangho2_1\defaulttexture\dun_hwangho1_crack.dds
c:\nexon\library\atlantica\appdata\nmap\hwangho2_1\lowertexture\dun_hwangho1_crack.dds
c:\nexon\library\atlantica\appdata\nmap\hwangho3\defaulttexture\dun_hwangho3_crack.dds
c:\nexon\library\atlantica\appdata\nmap\hwangho3\lowertexture\dun_hwangho3_crack.dds
scanner sequence 3.ZZ.11.TSAAU0
 ----- EOF ----- 


#12 deeprybka


Posted 08 May 2015 - 11:47 PM

Please proceed with Combofix.


regards,
deeprybka

#13 AustinAndrews


Posted 09 May 2015 - 05:34 PM

Was there no illegal software? Or did the software already delete it? I wanted to have something against him D'x


Edited by AustinAndrews, 09 May 2015 - 05:55 PM.


#14 AustinAndrews


Posted 09 May 2015 - 05:55 PM

ComboFix 15-05-09.01 - Manga 05/09/2015  18:39:34.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.1771 [GMT -8:00]
Running from: C:\Users\Manga\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((   Files Created from 2015-04-10 to 2015-05-10  )))))))))))))))))))))))))))))))
 
 
2015-05-10 02:51:45 . 2015-05-10 02:51:45 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-05-06 12:27:17 . 2015-05-10 02:23:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D5AEA55-407F-4A75-B26A-E12BB94ACB57}\offreg.dll
2015-05-06 10:16:34 . 2015-05-06 10:16:34 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2015-05-06 09:42:54 . 2015-04-04 06:25:09 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D5AEA55-407F-4A75-B26A-E12BB94ACB57}\mpengine.dll
2015-05-06 09:25:36 . 2015-05-06 09:25:36 -------- d-----w- C:\Users\Manga\AppData\Local\The_Sims_4_CC_Tracker
2015-05-02 02:57:08 . 2015-05-02 03:32:04 -------- d-----w- C:\Program Files (x86)\Singles
2015-05-02 02:44:14 . 2015-05-02 03:32:24 -------- d-----w- C:\Touch
2015-04-30 10:41:10 . 2015-04-30 10:41:10 -------- d-----w- C:\Users\Manga\AppData\Local\Skyrim
2015-04-30 09:56:26 . 2015-04-30 09:56:27 181016 ----a-w- C:\Windows\SysWow64\binkw32.dll
2015-04-30 08:23:02 . 2015-04-30 08:23:02 -------- d-----w- C:\Users\Manga\Lionhead Studios
2015-04-30 05:29:50 . 2015-04-30 05:29:50 -------- d-----w- C:\Windows\SysWow64\xlive
2015-04-30 05:29:28 . 2015-04-30 05:29:50 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-04-30 05:08:33 . 2015-04-30 05:08:33 -------- d-----w- C:\Users\Manga\AppData\Roaming\Lionhead Studios
2015-04-30 04:23:38 . 2015-04-30 04:23:38 -------- d-----w- C:\Users\Manga\AppData\Roaming\dll-files.com
2015-04-30 04:23:31 . 2015-04-30 04:23:31 -------- d-----w- C:\ProgramData\Logs
2015-04-30 04:23:24 . 2013-04-12 00:12:00 19392 ----a-w- C:\Windows\system32\roboot64.exe
2015-04-30 04:23:16 . 2015-04-30 04:23:23 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2015-04-29 04:44:26 . 2015-04-29 04:44:26 -------- d-----w- C:\RegBackup
2015-04-29 04:42:35 . 2015-04-29 04:44:55 -------- d-----w- C:\AdwCleaner
2015-04-28 05:37:53 . 2015-04-28 05:37:53 -------- d-----w- C:\Program Files (x86)\Karin Entertainment
2015-04-26 02:31:56 . 2015-04-26 02:32:12 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-25 21:06:12 . 2015-04-25 21:07:01 -------- d-----w- C:\Users\Guest
2015-04-24 08:48:51 . 2014-07-16 01:24:00 531496 ----a-w- C:\Windows\SysWow64\mcmpeg2mux.ax
2015-04-24 08:48:51 . 2014-07-16 01:24:00 375848 ----a-w- C:\Windows\SysWow64\mcm2ve.ax
2015-04-24 08:48:51 . 2014-07-16 01:24:00 257064 ----a-w- C:\Windows\SysWow64\mcl2ae.ax
2015-04-24 08:48:51 . 2014-07-16 01:24:00 244776 ----a-w- C:\Windows\SysWow64\mcmpgaout.dll
2015-04-24 08:48:51 . 2014-07-16 01:24:00 2140712 ----a-w- C:\Windows\SysWow64\mcmpgvout.004
2015-04-24 08:48:51 . 2014-07-16 01:24:00 20520 ----a-w- C:\Windows\SysWow64\mcmpgvout.dll
2015-04-24 01:18:58 . 2015-04-24 01:18:58 -------- d-----w- C:\ProgramData\Roblox
2015-04-24 01:18:12 . 2015-04-24 01:18:12 -------- d-----w- C:\Program Files (x86)\Roblox
2015-04-22 06:42:14 . 2015-04-29 10:36:19 -------- d-----w- C:\Users\Manga\AppData\Roaming\RenPy
2015-04-12 18:03:22 . 2015-04-12 18:03:22 -------- d-----w- C:\Users\Manga\AppData\Roaming\LockHunter
2015-04-12 18:02:36 . 2015-04-12 18:02:37 -------- d-----w- C:\Program Files\LockHunter
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2015-05-10 02:30:23 . 2015-02-26 21:20:32 136408 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-04-30 05:39:52 . 2009-08-18 20:49:26 564632 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll
2015-04-30 05:39:45 . 2009-08-18 19:24:10 23776 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-04-15 06:15:58 . 2015-04-15 06:15:58 22 ----a-w- C:\Windows\SysWow64\ESETPoweliksCleaner.exe_20150414.221558.7516.zip
2015-04-14 17:37:56 . 2015-02-26 21:19:22 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
2015-04-14 17:37:46 . 2015-02-26 21:19:22 107736 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2015-04-14 17:37:42 . 2015-02-26 21:19:22 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2015-03-28 04:55:09 . 2015-02-28 05:44:24 122905848 ----a-w- C:\Windows\system32\MRT.exe
2015-03-18 23:37:43 . 2015-03-18 23:37:43 15576 ----a-w- C:\Users\Manga\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2015-03-12 19:05:41 . 2015-03-12 19:05:41 339792 ----a-w- C:\ProgramData\Microsoft\Security\Client\temp\tmpAEE5.exe
2015-03-10 23:46:20 . 2015-03-10 17:25:48 129752 ----a-w- C:\Windows\system32\drivers\37634368.sys
2015-03-10 18:33:59 . 2015-02-08 19:43:54 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-03-10 18:33:47 . 2015-01-26 05:56:08 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-03-10 17:32:32 . 2015-01-11 03:52:32 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-03-10 17:32:21 . 2015-01-11 03:52:21 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-07 02:10:38 . 2015-01-11 03:52:18 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-03-06 05:56:10 . 2015-03-28 04:44:29 95680 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2015-03-06 05:56:10 . 2015-03-28 04:44:29 155576 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42:39 . 2015-03-28 04:44:29 210944 ----a-w- C:\Windows\system32\wdigest.dll
2015-03-06 05:42:36 . 2015-03-28 04:44:29 86528 ----a-w- C:\Windows\system32\TSpkg.dll
2015-03-06 05:42:35 . 2015-03-28 04:44:29 29184 ----a-w- C:\Windows\system32\sspisrv.dll
2015-03-06 05:42:35 . 2015-03-28 04:44:29 136192 ----a-w- C:\Windows\system32\sspicli.dll
2015-03-06 05:42:33 . 2015-03-28 04:44:30 341504 ----a-w- C:\Windows\system32\schannel.dll
2015-03-06 05:42:33 . 2015-03-28 04:44:29 28160 ----a-w- C:\Windows\system32\secur32.dll
2015-03-06 05:42:29 . 2015-03-28 04:44:29 314880 ----a-w- C:\Windows\system32\msv1_0.dll
2015-03-06 05:42:29 . 2015-03-28 04:44:29 309760 ----a-w- C:\Windows\system32\ncrypt.dll
2015-03-06 05:42:27 . 2015-03-28 04:44:29 728064 ----a-w- C:\Windows\system32\kerberos.dll
2015-03-06 05:42:27 . 2015-03-28 04:44:29 1461760 ----a-w- C:\Windows\system32\lsasrv.dll
2015-03-06 05:42:20 . 2015-03-28 04:44:29 22016 ----a-w- C:\Windows\system32\credssp.dll
2015-03-06 05:41:46 . 2015-03-28 04:44:29 31232 ----a-w- C:\Windows\system32\lsass.exe
2015-03-06 05:41:31 . 2015-03-28 04:44:29 64000 ----a-w- C:\Windows\system32\auditpol.exe
2015-03-06 05:39:16 . 2015-03-28 04:44:29 60416 ----a-w- C:\Windows\system32\msobjs.dll
2015-03-06 05:38:57 . 2015-03-28 04:44:29 146432 ----a-w- C:\Windows\system32\msaudite.dll
2015-03-06 05:36:56 . 2015-03-28 04:44:29 686080 ----a-w- C:\Windows\system32\adtschema.dll
2015-03-06 05:10:34 . 2015-03-28 04:44:29 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 . 2015-03-28 04:44:29 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 . 2015-03-28 04:44:29 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 . 2015-03-28 04:44:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 . 2015-03-28 04:44:29 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 . 2015-03-28 04:44:29 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 . 2015-03-28 04:44:29 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 . 2015-03-28 04:44:29 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 . 2015-03-28 04:44:29 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 . 2015-03-28 04:44:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 . 2015-03-28 04:44:29 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 . 2015-03-28 04:44:29 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 . 2015-03-28 04:44:29 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-06 01:09:26 . 2015-01-11 03:52:50 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-03-06 01:09:08 . 2015-01-24 03:30:40 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-03-06 01:08:59 . 2015-01-24 03:30:26 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-03-04 17:54:37 . 2015-03-04 17:54:37 315048 ----a-w- C:\ProgramData\Microsoft\Security\Client\temp\tmpF4F1.exe
2015-03-02 07:47:16 . 2015-03-02 07:47:16 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2015-03-02 07:39:49 . 2015-03-02 07:35:59 129752 ----a-w- C:\Windows\system32\drivers\0CEA0EEA.sys
2015-02-28 06:35:39 . 2015-02-28 06:35:39 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 942592 ----a-w- C:\Windows\system32\jsIntl.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 90112 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 86016 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 81408 ----a-w- C:\Windows\system32\icardie.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 774144 ----a-w- C:\Windows\system32\jscript.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 77312 ----a-w- C:\Windows\system32\tdc.ocx
2015-02-28 06:35:33 . 2015-02-28 06:35:33 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2015-02-28 06:35:33 . 2015-02-28 06:35:33 62464 ----a-w- C:\Windows\system32\pngfilt.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 616104 ----a-w- C:\Windows\system32\ieapfltr.dat
2015-02-28 06:35:33 . 2015-02-28 06:35:33 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 48128 ----a-w- C:\Windows\system32\imgutil.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 413696 ----a-w- C:\Windows\system32\html.iec
2015-02-28 06:35:33 . 2015-02-28 06:35:33 36352 ----a-w- C:\Windows\SysWow64\imgutil.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 337408 ----a-w- C:\Windows\SysWow64\html.iec
2015-02-28 06:35:33 . 2015-02-28 06:35:33 30208 ----a-w- C:\Windows\system32\licmgr10.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 247808 ----a-w- C:\Windows\system32\msls31.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 243200 ----a-w- C:\Windows\system32\webcheck.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 235520 ----a-w- C:\Windows\system32\url.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 235008 ----a-w- C:\Windows\system32\elshyph.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 167424 ----a-w- C:\Windows\system32\iexpress.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 147968 ----a-w- C:\Windows\system32\occache.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 143872 ----a-w- C:\Windows\system32\wextract.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 13824 ----a-w- C:\Windows\system32\mshta.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 135680 ----a-w- C:\Windows\system32\iepeers.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 13312 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 13312 ----a-w- C:\Windows\system32\msfeedssync.exe
2015-02-28 06:35:33 . 2015-02-28 06:35:33 131072 ----a-w- C:\Windows\system32\IEAdvpack.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 111616 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 105984 ----a-w- C:\Windows\system32\iesysprep.dll
2015-02-28 06:35:33 . 2015-02-28 06:35:33 101376 ----a-w- C:\Windows\system32\inseng.dll
2015-02-28 06:33:39 . 2015-02-28 06:33:39 878080 ----a-w- C:\Windows\system32\advapi32.dll
2015-02-28 06:33:39 . 2015-02-28 06:33:39 859648 ----a-w- C:\Windows\system32\tdh.dll
2015-02-28 06:33:39 . 2015-02-28 06:33:39 1732032 ----a-w- C:\Windows\system32\ntdll.dll
2015-02-28 06:33:38 . 2015-02-28 06:33:38 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-02-28 06:33:38 . 2015-02-28 06:33:38 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-02-28 06:33:38 . 2015-02-28 06:33:38 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]
"iFunBox Fast App Install Handler"="C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe" [2015-02-11 06:58:42 2508288]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 09:19:52 3696912]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FlashPlayerUpdate"="C:\Users\Manga\AppData\Local\Macromedia\Flash Player\FlashPlayerUpdateService.exe" [2015-02-28 09:45:22 143360]
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-11-01 00:38:40 2072928]
 
C:\Users\Manga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nexon Launcher.lnk - C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe [2014-11-24 11646953]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-23 1393016]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 cpuz134;cpuz134;C:\Users\Manga\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;C:\Users\Manga\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys;C:\Windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe;C:\Program Files (x86)\Origin\OriginClientService.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AECLFilters;Andrea Cirrus Logic Filters Service;C:\Windows\system32\AECLSr64.exe;C:\Windows\SYSNATIVE\AECLSr64.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\ElRawDsk.sys;C:\Windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 RawDisk3;RawDisk3;C:\Windows\system32\drivers\rawdsk3.sys;C:\Windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 KaoLaBrowServiceszhslYdD;KaoLaBrowServiceszhslYdD;C:\Program Files (x86)\kaola\klpro.exe;C:\Program Files (x86)\kaola\klpro.exe [x]
S2 Leawo_service;Leawo common service.;C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe;C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys;C:\Windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys;C:\Windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\system32\drivers\btwampfl.sys;C:\Windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CirrusLFD;CS42xxLowerFilter;C:\Windows\system32\DRIVERS\CSLFDx64.sys;C:\Windows\SYSNATIVE\DRIVERS\CSLFDx64.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys;C:\Windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys;C:\Windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-30 22:10:56 988488 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2015-05-10 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-10 11:26:47 . 2015-02-24 20:12:25]
 
2015-05-10 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-15 00:41:12 . 2015-04-15 00:41:12]
 
2015-05-10 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-15 00:41:12 . 2015-04-15 00:41:12]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Audio"="C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe" [2012-05-11 00:47:32 20567552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-09-07 10:38:18 170304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-09-07 10:37:54 398656]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-09-07 10:38:00 441152]
"Broadcom Wireless Manager UI"="C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe" [2015-01-06 22:33:02 7520768]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2012-12-21 16:06:54 692208]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 04:38:18 558496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2015-02-13 15:55:12 169768]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = C:\Windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{50F7B22D-5928-4884-945C-E76B7C2C98E6}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5489C395-90B1-4F53-9727-F7DF159A60A0}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{7EC7A181-D1D9-44E6-B533-4C69036FA21A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{97991E2A-3320-4937-AF9B-3ECC08CFF571}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{97991E2A-3320-4937-AF9B-3ECC08CFF571}\6496F435D27324133565: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - C:\Users\Manga\AppData\Roaming\Mozilla\Firefox\Profiles\w17fv4ui.default\
 
- - - - ORPHANS REMOVED - - - -
 
ShellIconOverlayIdentifiers-{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} - (no file)


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:13 PM

Posted 10 May 2015 - 04:02 AM

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 