
View and Track Downloads


  • This topic is locked
43 replies to this topic

#1 Erastus

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 06 September 2015 - 06:13 AM

Have a problem that I can find being addressed in other forums - All applications on my computer bring up a box with the title bar "View Downloads - Windows Internet Explorer". Within the box it talks of "View and track your downloads" - Do you want to run or save this program?

 

In accordance with previous forum posts I have run FRST, and generated the following log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by SYSTEM on MINWINPC (06-09-2015 20:54:47)
Running from d:\
Platform: Windows Vista ™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-03-26] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-02-25] (IDT, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\davidiancooper\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\davidiancooper\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28785792 2015-06-01] (Skype Technologies S.A.)
HKU\davidiancooper\...\Run: [BingSvc] => C:\Users\davidiancooper\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\davidiancooper\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\davidiancooper\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165568 2014-12-22] (SlimWare Utilities, Inc.)
HKU\davidiancooper\...\Run: [GoogleChromeAutoLaunch_F2EF7F519F99F075F251465B141B2D9D] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
HKU\RA Media Server\...\Run: [SightSpeed] => "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
HKU\RA Media Server\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-03] (Google Inc.)
HKU\RA Media Server\...\Run: [BitTorrent] => C:\Program Files\BitTorrent\BitTorrent.exe [4770672 2011-04-30] (BitTorrent, Inc.)
HKU\RA Media Server\...\Run: [Mobile Partner] => C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
HKU\RA Media Server\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [SpeedUpMyPC] => "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 
HKU\RA Media Server\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\RA Media Server\...\Run: [fTalk] => "C:\Users\davidiancooper\AppData\Local\fTalk\ftalk.exe" -autorun
HKU\RA Media Server\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll => c:\Program Files\Bandoo\BndHook.dll [68032 2010-01-18] (Discordia Limited)
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\davidiancooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-16]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
S2 Apache2.2; C:\Program Files\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation)
S2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1678272 2010-01-18] (Discordia Limited)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1962192 2015-05-22] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [184528 2015-05-22] (Dell Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 dsl-db; C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] ()
S2 dsl-fs-sync; C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [189680 2009-04-13] (SingleClick Systems)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
S2 gupdate1ca8660fa72debc; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
S2 hnmsvc; c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [828656 2009-04-13] (Dell Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-17] (Malwarebytes Corporation)
S2 MediaManagerService; C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe [34096 2008-03-03] ()
S2 N360; C:\Program Files\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-08] (Skype Technologies S.A.)
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-12-22] (SlimWare Utilities, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe [229458 2010-02-25] (IDT, Inc.)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-10] (Dell Inc.)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-28] (Symantec, Inc.)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-13] (WDC)
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-15] (Memeo)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-09] (Arcsoft, Inc.)
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2006-07-31] (Omnivision Technologies, Inc.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
S1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150821.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1605020.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-01-30] (Dell Computer Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-31] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2011-11-11] (LeapFrog)
S1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150904.003_c3c\IDSvix86.sys [580856 2015-08-28] (Symantec Corporation)
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10368 2010-02-08] (InterVideo, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-09-06] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-17] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150905.002\NAVENG.SYS [104440 2015-09-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150905.002\NAVEX15.SYS [1645432 2015-09-05] (Symantec Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)
S3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [271552 2009-03-18] (Creative Technology Ltd.)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-06-30] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-06-30] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-12] (Realtek)
S1 SRTSP; C:\Windows\System32\Drivers\N360\1605020.00F\SRTSP.SYS [711408 2015-07-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1605020.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-09-06] ()
S0 SymEFASI; C:\Windows\System32\drivers\N360\1605020.00F\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-07-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1605020.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1605020.00F\SYMTDIV.SYS [358104 2015-06-03] (Symantec Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 20:54 - 2015-09-06 20:54 - 00000000 ____D C:\FRST
2015-09-06 02:41 - 2015-09-06 02:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-09-06 00:30 - 2015-09-06 00:30 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-06 00:30 - 2015-09-06 00:30 - 00000861 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-06 00:30 - 2015-09-06 00:30 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-06 00:30 - 2015-06-17 14:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-09-05 21:34 - 2015-09-05 21:34 - 00000000 ____D C:\NBRT
2015-09-03 01:13 - 2015-09-03 01:13 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\{BF712DC6-BA53-4C0B-9BE6-E0739506CE3A}
2015-09-03 01:13 - 2015-09-03 01:13 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\{BF712DC6-BA53-4C0B-9BE6-E0739506CE3A}
2015-09-02 09:04 - 2015-09-02 09:04 - 00143728 _____ C:\Windows\Minidump\Mini090315-01.dmp
2015-09-02 09:03 - 2015-09-02 09:03 - 482270699 _____ C:\Windows\MEMORY.DMP
2015-08-19 09:00 - 2015-08-14 15:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-08-19 09:00 - 2015-08-14 14:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-08-19 09:00 - 2015-08-14 14:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-08-15 19:09 - 2015-09-06 00:26 - 00001590 _____ C:\Windows\setupact.log
2015-08-15 19:09 - 2015-08-15 19:09 - 00000000 _____ C:\Windows\setuperr.log
2015-08-15 17:50 - 2015-08-15 17:50 - 00000000 ____D C:\Windows\pss
2015-08-13 21:59 - 2015-07-21 12:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-08-13 21:59 - 2015-07-21 08:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2015-08-13 21:59 - 2015-07-21 08:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-08-13 21:59 - 2015-07-21 08:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ecache.sys
2015-08-13 21:59 - 2015-07-21 08:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-08-13 21:59 - 2015-07-21 08:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\System32\emdmgmt.dll
2015-08-13 21:59 - 2015-07-21 08:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-08-13 21:59 - 2015-07-21 08:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-08-13 21:55 - 2015-07-31 11:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 21:54 - 2015-07-09 06:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2015-08-13 21:53 - 2015-07-10 11:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-08-13 21:46 - 2015-07-11 07:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-08-13 21:21 - 2015-07-18 08:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\System32\basesrv.dll
2015-08-13 21:19 - 2015-07-10 11:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-08-13 21:19 - 2015-07-10 11:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-08-13 21:17 - 2015-07-31 14:08 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-08-13 21:17 - 2015-07-31 13:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2015-08-13 21:17 - 2015-07-31 13:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2015-08-13 21:17 - 2015-07-31 13:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2015-08-13 21:17 - 2015-07-31 13:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2015-08-13 21:17 - 2015-07-31 12:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-08-13 21:17 - 2015-07-31 12:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2015-08-13 21:17 - 2015-07-31 12:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2015-08-13 21:17 - 2015-07-31 12:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-08-13 21:17 - 2015-07-31 12:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-08-13 21:17 - 2015-07-31 12:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-08-13 21:17 - 2015-07-31 12:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-08-13 21:11 - 2015-07-01 07:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-08-13 21:10 - 2015-07-09 06:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-08-13 21:10 - 2015-07-09 06:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 19:11 - 2015-07-22 12:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-08-11 19:11 - 2015-07-22 12:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-08-11 19:11 - 2015-07-22 12:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-08-11 19:11 - 2015-07-22 12:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-08-11 19:11 - 2015-07-22 12:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2015-08-11 19:11 - 2015-07-22 12:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-08-11 19:11 - 2015-07-22 12:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-08-11 19:11 - 2015-07-22 12:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-08-11 19:11 - 2015-07-22 12:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-08-11 19:11 - 2015-07-22 12:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-08-11 19:11 - 2015-07-22 12:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-08-11 19:11 - 2015-07-22 12:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-08-11 19:11 - 2015-07-22 12:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2015-08-11 19:11 - 2015-07-22 12:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2015-08-11 19:11 - 2015-07-22 12:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2015-08-11 19:10 - 2015-07-22 12:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-08-11 19:10 - 2015-07-22 12:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-08-11 19:10 - 2015-07-22 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-08-11 19:10 - 2015-07-22 12:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 04:31 - 2009-10-16 12:39 - 00000000 ____D C:\users\RA Media Server
2015-09-06 04:31 - 2009-09-24 03:23 - 00000000 ____D C:\users\davidiancooper
2015-09-06 04:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2015-09-06 04:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2015-09-06 04:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2015-09-06 04:31 - 2006-11-02 02:22 - 60030976 _____ C:\Windows\System32\config\software_previous
2015-09-06 04:31 - 2006-11-02 02:22 - 14680064 _____ C:\Windows\System32\config\system_previous
2015-09-06 04:26 - 2006-11-02 02:22 - 46661632 _____ C:\Windows\System32\config\components_previous
2015-09-06 04:26 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2015-09-06 02:50 - 2012-05-31 19:57 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\Temp
2015-09-06 02:48 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 02:48 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 02:47 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2015-09-06 02:47 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-06 02:47 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2015-09-06 02:47 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-06 02:47 - 2011-06-05 02:33 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2015-09-06 02:46 - 2012-05-31 19:30 - 00000000 ____D C:\ProgramData\TEMP
2015-09-06 02:36 - 2008-01-20 18:47 - 02473384 _____ C:\Windows\PFRO.log
2015-09-06 02:35 - 2009-09-15 17:41 - 01867644 _____ C:\Windows\WindowsUpdate.log
2015-09-06 01:27 - 2012-08-05 20:11 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Babylon
2015-09-06 01:26 - 2013-03-01 18:39 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\WeatherBlink
2015-09-06 01:26 - 2013-03-01 18:39 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\WeatherBlink
2015-09-06 01:26 - 2012-12-21 13:20 - 00000000 ____D C:\Program Files\Produtools_Manuals_2.1
2015-09-06 01:26 - 2012-09-23 13:47 - 00000000 ____D C:\Program Files\FLV_Runner
2015-09-06 01:25 - 2015-01-01 01:41 - 00000000 ____D C:\ProgramData\Datamngr
2015-09-06 01:25 - 2014-04-27 16:32 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\RecipeHub_2j
2015-09-06 01:25 - 2014-04-27 16:32 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\RecipeHub_2j
2015-09-06 01:25 - 2014-02-17 18:49 - 00000000 ____D C:\ProgramData\Wincert
2015-09-06 01:25 - 2013-11-09 15:02 - 00000000 ____D C:\Users\davidiancooper\Documents\Optimizer Pro
2015-09-06 01:25 - 2012-08-12 13:40 - 00000000 ____D C:\Program Files\Windows Searchqu Toolbar
2015-09-06 01:25 - 2012-06-04 22:25 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\CRE
2015-09-06 01:25 - 2012-06-04 22:25 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\CRE
2015-09-06 01:23 - 2013-07-01 06:51 - 00000000 ____D C:\Program Files\TV_Bar_2_B2
2015-09-06 00:30 - 2012-05-31 20:03 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Malwarebytes
2015-09-06 00:30 - 2012-05-31 19:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-06 00:30 - 2006-11-02 02:33 - 00759582 _____ C:\Windows\System32\PerfStringBackup.INI
2015-09-06 00:26 - 2015-02-16 23:20 - 00013464 _____ C:\Windows\System32\Drivers\SWDUMon.sys
2015-09-06 00:23 - 2006-11-02 04:47 - 00353472 _____ C:\Windows\System32\FNTCACHE.DAT
2015-09-05 21:34 - 2006-11-02 02:22 - 01048576 _____ C:\Windows\System32\config\default_previous
2015-09-05 02:40 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2015-09-02 23:09 - 2009-09-24 15:08 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Skype
2015-09-02 09:04 - 2009-09-25 15:37 - 00000000 ____D C:\Windows\Minidump
2015-08-15 16:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2015-08-15 15:50 - 2012-08-27 12:30 - 00000000 ____D C:\Program Files\SiteRanker
2015-08-15 00:04 - 2009-12-31 02:35 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\CrashDumps
2015-08-15 00:04 - 2009-12-31 02:35 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\CrashDumps
2015-08-13 22:39 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 22:23 - 2009-09-15 23:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 22:19 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2015-08-13 22:01 - 2009-09-15 23:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 21:43 - 2013-07-20 18:03 - 00000000 ____D C:\Windows\System32\MRT
2015-08-13 21:23 - 2006-11-02 02:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2015-08-12 03:53 - 2013-07-15 03:22 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-08-12 03:53 - 2011-06-09 17:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-08-10 21:00 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-09 00:49 - 2009-09-24 13:44 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\Adobe
2015-08-09 00:49 - 2009-09-24 13:44 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\Adobe
 
Some files in TEMP:
====================
C:\Users\davidiancooper\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\davidiancooper\AppData\Local\Temp\ResetDevice.exe
C:\Users\davidiancooper\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-13 09:05] - [2015-04-10 15:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2011-04-13 00:06] - [2011-03-02 07:44] - 0168448 ____A (Microsoft Corporation) 85E861D0B88DB2B54ACB0839654C09F7
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point date: 2015-08-17 22:34:36
Restore point date: 2015-08-18 07:43:07
Restore point date: 2015-08-19 06:00:40
Restore point date: 2015-08-19 09:00:18
Restore point date: 2015-08-20 06:00:34
Restore point date: 2015-08-21 00:37:23
Restore point date: 2015-08-22 06:00:39
Restore point date: 2015-08-23 13:52:33
Restore point date: 2015-08-24 06:00:35
Restore point date: 2015-08-25 02:48:06
Restore point date: 2015-08-25 17:14:31
Restore point date: 2015-08-26 06:00:36
Restore point date: 2015-08-27 06:00:37
Restore point date: 2015-08-27 20:04:13
Restore point date: 2015-08-28 08:40:22
Restore point date: 2015-08-29 06:00:38
Restore point date: 2015-09-01 19:42:48
Restore point date: 2015-09-03 02:48:49
Restore point date: 2015-09-03 17:16:36
Restore point date: 2015-09-04 06:00:35
Restore point date: 2015-09-05 10:44:08
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 4055.45 MB
Available physical RAM: 3677.33 MB
Total Virtual: 3923.01 MB
Available Virtual: 3757.61 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:84.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (NBRT) (Removable) (Total:1.84 GB) (Free:1.82 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 26950ACF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-09-06 00:32
 
==================== End of FRST.txt ============================

Edited by Orange Blossom, 06 September 2015 - 02:25 PM.
Moved to log forum. ~ OB
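The "Registry (Whitelisted)" section of an FRST log is where a responder looks first, because it lists the autorun points Windows consults before any user program runs: Run/RunOnce keys per hive, AppInit_DLLs (a DLL path that every process loading user32.dll maps into itself), and Image File Execution Options (IFEO), where a Debugger value makes Windows start the named program in place of the target executable. The following is an added example and not part of the post, of FRST, or of the helper's instructions: a small Python triage that parses those line formats and flags the entries worth a second look. The sample lines are copied verbatim from the log above; the flag wording and the "user-writable directory" heuristic are this example's own assumptions, and a flag marks an entry for review, not a verdict that it is malicious.

```python
"""Triage persistence entries from an FRST 'Registry (Whitelisted)' section.

Added example, not FRST's own code. It understands three FRST line shapes:
  HKLM\\...\\Run: [Name] => command [size yyyy-mm-dd] (Company)
  AppInit_DLLs: value => resolved-path [size yyyy-mm-dd] (Company)
  IFEO\\target.exe: [Debugger] program
and reports why an entry deserves attention.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied verbatim from the FRST log in the post above.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM\...\Run: [] => [X]
HKU\davidiancooper\...\Run: [BingSvc] => C:\Users\davidiancooper\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\RA Media Server\...\Run: [SpeedUpMyPC] => "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll => c:\Program Files\Bandoo\BndHook.dll [68032 2010-01-18] (Discordia Limited)
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
"""

RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\(?P<user>[^\\]+))\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.+?) => (?P<rest>.*)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<target>[^:]+): \[Debugger\] (?P<debugger>.+)$")
# Optional "[size yyyy-mm-dd] (Company)" trailer FRST appends when it could read the file.
REST_RE = re.compile(
    r"^(?P<cmd>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)
# Assumed heuristic: autoruns living in the user profile are easy for malware to drop.
USER_WRITABLE = re.compile(r"\\(AppData|Local Settings|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # "run", "appinit" or "ifeo"
    location: str             # registry location FRST printed
    name: str                 # value name, AppInit value, or IFEO target
    command: str              # command line / DLL path / debugger program
    company: Optional[str]    # company from version info; None if FRST printed none
    missing: bool = False     # FRST printed [X]: the referenced file does not exist


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST registry line, or return None for lines of other shapes."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        location = m["hive"] + "\\...\\" + m["key"]
        if m["rest"] == "[X]":
            return Entry("run", location, m["name"], "", None, missing=True)
        r = REST_RE.match(m["rest"])
        return Entry("run", location, m["name"], r["cmd"], r["company"])
    m = APPINIT_RE.match(line)
    if m:
        r = REST_RE.match(m["rest"])
        return Entry("appinit", "AppInit_DLLs", m["value"], r["cmd"], r["company"])
    m = IFEO_RE.match(line)
    if m:
        return Entry("ifeo", "IFEO\\" + m["target"], m["target"], m["debugger"], None)
    return None


def triage(entry: Entry) -> list:
    """Return the review reasons for one entry (empty list means nothing stood out)."""
    reasons = []
    if entry.kind == "appinit":
        reasons.append("AppInit_DLLs: DLL is mapped into every process that loads user32.dll")
    if entry.kind == "ifeo":
        reasons.append(f"IFEO Debugger: Windows launches {entry.command} instead of {entry.name}")
    if entry.missing:
        reasons.append("target file not found ([X]); orphaned autorun")
    if entry.kind != "ifeo" and not entry.missing and not entry.company:
        reasons.append("no company name in version info; verify the file by hash or signature")
    if USER_WRITABLE.search(entry.command):
        reasons.append("runs from a user-writable profile directory")
    return reasons


def triage_log(text: str) -> dict:
    """Map entry name -> reasons, for every parsed entry that raised at least one flag."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.name or "<unnamed>"] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On the sample lines the Windows Defender entry raises nothing, the empty `[] => [X]` entry is reported as orphaned, the two entries without a company name are marked for hash verification, the BingSvc entry is flagged for its AppData location, and the AppInit_DLLs and IFEO lines are always surfaced because of what those keys do. Entries FRST prints under HKU belong to the named user profile, which is why the parser keeps the user name; the same approach extends to the "Services" and "Drivers" sections with one more regex per line shape.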


#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:32 PM

Posted 10 September 2015 - 04:26 PM

Greetings Erastus and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you tell me the date when this first occurred?

I have provided instructions below but one of the commands will only work if your USB is the D: drive. If it is not then you will not get the minidump file on your USB.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Use of Registry Cleaner Not Recommended

--------------------

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers or the registry cleaner component of software for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always backup the registry before doing so.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
S2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1678272 2010-01-18] (Discordia Limited)
C:\Program Files\Bandoo
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-09-06] ()
C:\Windows\System32\DRIVERS\SWDUMon.sys
2015-09-06 01:27 - 2012-08-05 20:11 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Babylon
2015-09-06 01:26 - 2013-03-01 18:39 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\WeatherBlink
2015-09-06 01:26 - 2013-03-01 18:39 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\WeatherBlink
2015-09-06 01:26 - 2012-12-21 13:20 - 00000000 ____D C:\Program Files\Produtools_Manuals_2.1
2015-09-06 01:26 - 2012-09-23 13:47 - 00000000 ____D C:\Program Files\FLV_Runner
2015-09-06 01:25 - 2015-01-01 01:41 - 00000000 ____D C:\ProgramData\Datamngr
2015-09-06 01:25 - 2014-04-27 16:32 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\RecipeHub_2j
2015-09-06 01:25 - 2014-04-27 16:32 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\RecipeHub_2j
2015-09-06 01:25 - 2014-02-17 18:49 - 00000000 ____D C:\ProgramData\Wincert
2015-09-06 01:25 - 2013-11-09 15:02 - 00000000 ____D C:\Users\davidiancooper\Documents\Optimizer Pro
2015-09-06 01:25 - 2012-08-12 13:40 - 00000000 ____D C:\Program Files\Windows Searchqu Toolbar
2015-09-06 01:25 - 2012-06-04 22:25 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\CRE
2015-09-06 01:25 - 2012-06-04 22:25 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\CRE
2015-09-06 01:23 - 2013-07-01 06:51 - 00000000 ____D C:\Program Files\TV_Bar_2_B2
Folder: C:\NBRT
cmd: copy C:\Windows\Minidump\Mini090315-01.dmp D:\
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Attach the Minidump file to your reply
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Date problem started
  • Fixlog
  • Attached Minidump file
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
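The fixlist in the post above was assembled by hand from FRST's scan output: the helper picked out an Image File Execution Options "Debugger" redirect, services and drivers whose file is gone (FRST marks these with [X]) and a driver with an empty publisher field. The Python script below is an added example, not FRST's or BleepingComputer's own code; it parses the line formats FRST prints in its Registry, Services and Drivers sections and flags exactly those structural indicators, so a first-pass candidate list can be pulled out of a long log before reading the rest of it. The sample lines are copied from the logs in this thread; the flag names and function names are my own. A publisher string is no proof of legitimacy (Bandoo carries one and was removed anyway), so the output is a starting point for review, not a verdict.

```python
"""Triage helper for FRST-style autorun, service and driver lines.

Added example (not FRST's own code). It parses the line formats FRST uses in
the Registry / Services / Drivers sections and flags the structural indicators
a removal helper checks first when drafting a fixlist:
  ifeo_debugger - an Image File Execution Options "Debugger" redirect
  file_missing  - an entry whose target file no longer exists ([X] / No File)
  no_publisher  - a file that exists but carries an empty publisher field
"""
import re
from collections import Counter

# Service/driver line: "S2 Name; C:\path\file.exe [size date] (Publisher)"
SERVICE_RE = re.compile(
    r"^S\d (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
# Run-key line: "HKLM\...\Run: [Name] => C:\path\file.exe [size date] (Publisher)"
RUN_RE = re.compile(
    r"^HK.+?\\Run: \[(?P<name>[^\]]*)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)

# Sample lines copied from the FRST logs in this thread (a constructed subset).
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
S2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1678272 2010-01-18] (Discordia Limited)
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-09-06] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll => No File
"""


def triage(log_text):
    """Return a list of {"flag", "line"} findings for the suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("IFEO\\"):
            # A Debugger value silently swaps in another executable for the
            # named image; FRST removes the whole key when it is in a fixlist.
            findings.append({"flag": "ifeo_debugger", "line": line})
            continue
        if line.endswith("[X]") or line.endswith("=> No File"):
            # Registration left behind after the file was deleted: a clean-up
            # target, and sometimes a hint of an incomplete uninstall.
            findings.append({"flag": "file_missing", "line": line})
            continue
        m = SERVICE_RE.match(line) or RUN_RE.match(line)
        if m and not m.group("publisher").strip():
            # Empty "()" publisher field: the file exists but names no vendor.
            findings.append({"flag": "no_publisher", "line": line})
    return findings


def summarize(findings):
    """Count findings per flag, e.g. {"file_missing": 4, ...}."""
    return dict(Counter(f["flag"] for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['flag']:14} {f['line']}")
    print(summarize(found))
```

Run against a whole FRST.txt, the script reports which lines match; everything it does not flag (a signed, present file such as MSASCui.exe) still needs a human to judge by vendor and context.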

#3 Erastus

Erastus
  • Topic Starter
  • Members
  • 21 posts

Posted 11 September 2015 - 05:13 AM

Thanks Gary. Appreciate your assistance.

 

The computer is my father in law's and so I don't know the exact start date, but my guess would be between 2-3 weeks ago.

 

The fixlog txt is given here:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:04-09-2015
Ran by SYSTEM (2015-09-11 18:20:29) Run:1
Running from D:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
S2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1678272 2010-01-18] (Discordia Limited)
C:\Program Files\Bandoo
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-09-06] ()
C:\Windows\System32\DRIVERS\SWDUMon.sys
2015-09-06 01:27 - 2012-08-05 20:11 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Babylon
2015-09-06 01:26 - 2013-03-01 18:39 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\WeatherBlink
2015-09-06 01:26 - 2013-03-01 18:39 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\WeatherBlink
2015-09-06 01:26 - 2012-12-21 13:20 - 00000000 ____D C:\Program Files\Produtools_Manuals_2.1
2015-09-06 01:26 - 2012-09-23 13:47 - 00000000 ____D C:\Program Files\FLV_Runner
2015-09-06 01:25 - 2015-01-01 01:41 - 00000000 ____D C:\ProgramData\Datamngr
2015-09-06 01:25 - 2014-04-27 16:32 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\RecipeHub_2j
2015-09-06 01:25 - 2014-04-27 16:32 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\RecipeHub_2j
2015-09-06 01:25 - 2014-02-17 18:49 - 00000000 ____D C:\ProgramData\Wincert
2015-09-06 01:25 - 2013-11-09 15:02 - 00000000 ____D C:\Users\davidiancooper\Documents\Optimizer Pro
2015-09-06 01:25 - 2012-08-12 13:40 - 00000000 ____D C:\Program Files\Windows Searchqu Toolbar
2015-09-06 01:25 - 2012-06-04 22:25 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\CRE
2015-09-06 01:25 - 2012-06-04 22:25 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\CRE
2015-09-06 01:23 - 2013-07-01 06:51 - 00000000 ____D C:\Program Files\TV_Bar_2_B2
Folder: C:\NBRT
cmd: copy C:\Windows\Minidump\Mini090315-01.dmp D:\
*****************
 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => key removed successfully.
Bandoo Coordinator => service removed successfully.
C:\Program Files\Bandoo => moved successfully
yksvc => service removed successfully.
AppMgmt => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
SWDUMon => service removed successfully.
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
"C:\Users\davidiancooper\AppData\Roaming\Babylon" => File/Folder not found.
"C:\Users\davidiancooper\Local Settings\Application Data\WeatherBlink" => File/Folder not found.
"C:\Users\davidiancooper\AppData\Local\WeatherBlink" => File/Folder not found.
"C:\Program Files\Produtools_Manuals_2.1" => File/Folder not found.
"C:\Program Files\FLV_Runner" => File/Folder not found.
"C:\ProgramData\Datamngr" => File/Folder not found.
C:\Users\davidiancooper\Local Settings\Application Data\RecipeHub_2j => moved successfully
"C:\Users\davidiancooper\AppData\Local\RecipeHub_2j" => File/Folder not found.
C:\ProgramData\Wincert => moved successfully
C:\Users\davidiancooper\Documents\Optimizer Pro => moved successfully
"C:\Program Files\Windows Searchqu Toolbar" => File/Folder not found.
C:\Users\davidiancooper\Local Settings\Application Data\CRE => moved successfully
"C:\Users\davidiancooper\AppData\Local\CRE" => File/Folder not found.
C:\Program Files\TV_Bar_2_B2 => moved successfully
 
========================= Folder: C:\NBRT ========================
 
2015-09-06 04:22 - 2015-09-06 04:25 - 22844051 _____ () C:\NBRT\UndoSession_1441518109.dat
2015-09-05 21:34 - 2015-09-05 21:42 - 0000000 ____D () C:\NBRT\VirusDef
2015-09-05 21:42 - 2015-09-05 21:42 - 0000034 _____ () C:\NBRT\VirusDef\definfo.dat
2015-09-05 21:42 - 2015-09-06 04:25 - 0504842 _____ () C:\NBRT\VirusDef\umcat_01.db
2015-09-05 21:42 - 2015-09-05 21:42 - 0000030 _____ () C:\NBRT\VirusDef\usage.dat
2015-09-05 21:42 - 2015-09-05 21:42 - 0000000 ____D () C:\NBRT\VirusDef\20150904.017
2015-09-05 21:42 - 2015-09-05 02:08 - 0003495 _____ () C:\NBRT\VirusDef\20150904.017\catalog.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0000227 _____ () C:\NBRT\VirusDef\20150904.017\ERASER.grd
2015-09-05 21:42 - 2015-09-05 02:08 - 0003311 _____ () C:\NBRT\VirusDef\20150904.017\ERASER.sig
2015-09-05 21:42 - 2015-09-05 02:08 - 9311280 _____ () C:\NBRT\VirusDef\20150904.017\esrdef.bin
2015-09-05 21:42 - 2015-09-05 21:23 - 4851811 _____ () C:\NBRT\VirusDef\20150904.017\g_1_flt.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 0012490 _____ () C:\NBRT\VirusDef\20150904.017\g_1_idx.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 9841159 _____ () C:\NBRT\VirusDef\20150904.017\g_2_flt.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 0028282 _____ () C:\NBRT\VirusDef\20150904.017\g_2_idx.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 0716560 _____ () C:\NBRT\VirusDef\20150904.017\gcrc_nv.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 2255808 _____ () C:\NBRT\VirusDef\20150904.017\gcrc_v.idx
2015-09-05 21:42 - 2015-09-05 02:08 - 261487512 _____ () C:\NBRT\VirusDef\20150904.017\hf.dat
2015-09-05 21:42 - 2015-09-05 21:23 - 6758562 _____ () C:\NBRT\VirusDef\20150904.017\hf_1.flt
2015-09-05 21:42 - 2015-09-05 21:23 - 0017377 _____ () C:\NBRT\VirusDef\20150904.017\hf_1.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 13410666 _____ () C:\NBRT\VirusDef\20150904.017\hf_2.flt
2015-09-05 21:42 - 2015-09-05 21:23 - 0038522 _____ () C:\NBRT\VirusDef\20150904.017\hf_2.idx
2015-09-05 21:42 - 2015-09-05 02:08 - 0010207 _____ () C:\NBRT\VirusDef\20150904.017\hh
2015-09-05 21:42 - 2015-09-05 02:08 - 119110554 _____ () C:\NBRT\VirusDef\20150904.017\hp.dat
2015-09-05 21:42 - 2015-09-05 21:23 - 3418983 _____ () C:\NBRT\VirusDef\20150904.017\hp_1.flt
2015-09-05 21:42 - 2015-09-05 21:23 - 0008606 _____ () C:\NBRT\VirusDef\20150904.017\hp_1.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 6793042 _____ () C:\NBRT\VirusDef\20150904.017\hp_2.flt
2015-09-05 21:42 - 2015-09-05 21:23 - 0019119 _____ () C:\NBRT\VirusDef\20150904.017\hp_2.idx
2015-09-05 21:42 - 2015-09-05 02:08 - 0006536 _____ () C:\NBRT\VirusDef\20150904.017\ncsacert.txt
2015-09-05 21:42 - 2015-09-05 02:08 - 0098112 _____ () C:\NBRT\VirusDef\20150904.017\scrauth.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 304970501 _____ () C:\NBRT\VirusDef\20150904.017\tcdefs.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 31122534 _____ () C:\NBRT\VirusDef\20150904.017\tcscan7.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0195593 _____ () C:\NBRT\VirusDef\20150904.017\tcscan8.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0815961 _____ () C:\NBRT\VirusDef\20150904.017\tcscan9.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0000875 _____ () C:\NBRT\VirusDef\20150904.017\technote.txt
2015-09-05 21:42 - 2015-09-05 02:08 - 0000453 _____ () C:\NBRT\VirusDef\20150904.017\tinf.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0000148 _____ () C:\NBRT\VirusDef\20150904.017\tinfidx.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0001957 _____ () C:\NBRT\VirusDef\20150904.017\tinfl.dat
2015-09-05 21:42 - 2015-09-05 21:23 - 2032047 _____ () C:\NBRT\VirusDef\20150904.017\troj_nv.idx
2015-09-05 21:42 - 2015-09-05 21:23 - 13000038 _____ () C:\NBRT\VirusDef\20150904.017\troj_v.idx
2015-09-05 21:42 - 2015-09-05 02:08 - 0111943 _____ () C:\NBRT\VirusDef\20150904.017\tscan1.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0003969 _____ () C:\NBRT\VirusDef\20150904.017\tscan1hd.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0005381 _____ () C:\NBRT\VirusDef\20150904.017\v.grd
2015-09-05 21:42 - 2015-09-05 02:08 - 0003311 _____ () C:\NBRT\VirusDef\20150904.017\v.sig
2015-09-05 21:42 - 2015-09-05 02:08 - 1156443 _____ () C:\NBRT\VirusDef\20150904.017\virscan1.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0069194 _____ () C:\NBRT\VirusDef\20150904.017\virscan2.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0160400 _____ () C:\NBRT\VirusDef\20150904.017\virscan3.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0320221 _____ () C:\NBRT\VirusDef\20150904.017\virscan4.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 17452502 _____ () C:\NBRT\VirusDef\20150904.017\virscan5.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0419618 _____ () C:\NBRT\VirusDef\20150904.017\virscan6.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 466876672 _____ () C:\NBRT\VirusDef\20150904.017\virscan7.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 1119636 _____ () C:\NBRT\VirusDef\20150904.017\virscan8.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 11646234 _____ () C:\NBRT\VirusDef\20150904.017\virscan9.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0000032 _____ () C:\NBRT\VirusDef\20150904.017\virscant.dat
2015-09-06 04:25 - 2015-09-06 04:25 - 0002072 _____ () C:\NBRT\VirusDef\20150904.017\vscanmsx.dat
2015-09-05 21:42 - 2015-09-05 02:08 - 0040915 _____ () C:\NBRT\VirusDef\20150904.017\whatsnew.TXT
2015-09-05 21:42 - 2015-09-05 02:08 - 0000224 _____ () C:\NBRT\VirusDef\20150904.017\zdone.dat
2015-09-05 21:42 - 2015-09-05 21:42 - 0000000 ____D () C:\NBRT\VirusDef\BinHub
2015-09-05 21:34 - 2015-09-05 21:42 - 0000000 ____D () C:\NBRT\VirusDef\newdefs-trigger
2015-09-05 21:42 - 2015-09-05 21:42 - 0000000 _____ () C:\NBRT\VirusDef\newdefs-trigger\trigger.dat
 
====== End of Folder: ======
 
 
=========  copy C:\Windows\Minidump\Mini090315-01.dmp D:\ =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:20:34 ====
 
I attempted to attach the minidump file but was obstructed by the website.
 
The computer's performance is no different as far as I can see.
 
I have not been able to uninstall Bit Torrent as yet. I couldn't seem to find it in the Add/Remove Programs.
 
Blessings
 
Mark
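The Fixlog above echoes every fixlist directive and then prints one result line per item, and with a long fixlist it is easy to miss an item that got no result at all or one that FRST reports as already gone (several folders here were "File/Folder not found" by the time the fix ran). The Python script below is an added example, not part of FRST: it splits a Fixlog into the directives between the rows of asterisks and the "target => outcome" lines that follow, pairs each directive with its outcome, and lists the ones that did not clean up as intended. IFEO entries are matched on the image name because FRST reports them with the full registry path; Folder: and cmd: directives are skipped because they produce their own delimited sections rather than a result line. The embedded log is trimmed from the Fixlog in this post; the function names are my own.

```python
"""Reconcile an FRST Fixlog: pair each fixlist directive with its result line.

Added example, not part of FRST. FRST echoes the fixlist between two rows of
asterisks and then prints one "<target> => <outcome>" line per processed item;
Folder: and cmd: directives produce their own delimited sections instead.
"""
import re

# Trimmed from the Fixlog posted in this thread.
FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x86) Version:04-09-2015
Ran by SYSTEM (2015-09-11 18:20:29) Run:1
Running from D:\
fixlist content:
*****************
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
S2 Bandoo Coordinator; C:\Program Files\Bandoo\Bandoo.exe [1678272 2010-01-18] (Discordia Limited)
C:\Program Files\Bandoo
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-09-06] ()
C:\Windows\System32\DRIVERS\SWDUMon.sys
2015-09-06 01:27 - 2012-08-05 20:11 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Babylon
2015-09-06 01:25 - 2014-02-17 18:49 - 00000000 ____D C:\ProgramData\Wincert
Folder: C:\NBRT
cmd: copy C:\Windows\Minidump\Mini090315-01.dmp D:\
*****************
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => key removed successfully.
Bandoo Coordinator => service removed successfully.
C:\Program Files\Bandoo => moved successfully
SWDUMon => service removed successfully.
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
"C:\Users\davidiancooper\AppData\Roaming\Babylon" => File/Folder not found.
C:\ProgramData\Wincert => moved successfully
========================= Folder: C:\NBRT ========================
====== End of Folder: ======
==== End of Fixlog 18:20:34 ====
"""

MARKER = "*****************"
# "date time - date time - size attrs path" lines as FRST prints them
DATE_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ (?P<path>.+)$"
)
SERVICE_RE = re.compile(r"^S\d (?P<name>[^;]+);")
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')


def split_fixlog(text):
    """Return (directives, result_lines) from a Fixlog's text."""
    lines = text.splitlines()
    marks = [i for i, l in enumerate(lines) if l.strip() == MARKER]
    if len(marks) < 2:
        raise ValueError("fixlist markers not found")
    directives = [l.strip() for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    return directives, lines[marks[1] + 1:]


def expected_target(directive):
    """Identifier FRST reports on for a directive, or None when the directive
    (Folder:, cmd:) produces its own section rather than a result line."""
    if directive.startswith(("Folder:", "cmd:")):
        return None
    if directive.startswith("IFEO\\"):
        # "IFEO\image.exe: [Debugger] ..." is reported by full key path,
        # so keep only the image name and match on the path's tail.
        return directive.split(":", 1)[0].split("\\", 1)[1]
    m = SERVICE_RE.match(directive)
    if m:
        return m.group("name")
    m = DATE_LINE_RE.match(directive)
    if m:
        return m.group("path")
    return directive  # bare file or folder path


def parse_results(lines):
    """Map each reported target to its outcome text."""
    results = {}
    for l in lines:
        m = RESULT_RE.match(l.strip())
        if m:
            results[m.group("target")] = m.group("outcome")
    return results


def reconcile(fixlog_text):
    """One {"directive", "target", "outcome"} entry per result-bearing directive."""
    directives, result_lines = split_fixlog(fixlog_text)
    results = parse_results(result_lines)
    report = []
    for d in directives:
        target = expected_target(d)
        if target is None:
            continue
        key = target.lower()  # Windows paths and names are case-insensitive
        hit = next((t for t in results
                    if t.lower() == key or t.lower().endswith("\\" + key)), None)
        report.append({"directive": d, "target": target,
                       "outcome": results[hit] if hit is not None else "NO RESULT"})
    return report


def problems(report):
    """Directives with no result line, or whose item was already gone."""
    return [r for r in report if r["outcome"] == "NO RESULT"
            or r["outcome"].startswith("File/Folder not found")]


if __name__ == "__main__":
    for r in reconcile(FIXLOG):
        print(f"{r['outcome']:28} {r['target']}")
```

A "File/Folder not found" result is not an error in itself (here the folders had evidently been removed before the fix ran), but a directive with no result line at all means FRST never processed it and the fixlist should be checked for a typo or a line it did not understand.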


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 11 September 2015 - 10:08 AM

Greetings Mark and blessings to you as well. Thanks for the encouragement. :)

You can zip and upload the Minidump file here.

I am going to ask you to run a special program first and then attempt to run FRST.

Please do this.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • Attempt to run a FRST scan, including Addition.txt, and copy/paste the reports in your reply. If it is unsuccessful, attempt the next step.
  • Boot into Safe Mode, rerun Rkill and attempt to run a FRST scan, including Addition.txt
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Rkill report
  • FRST reports (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Erastus

Erastus
  • Topic Starter
  • Members
  • 21 posts

Posted 13 September 2015 - 01:26 AM

OK, here is my Rkill log:

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/13/2015 04:05:34 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 09/13/2015 04:06:59 PM
Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)
 
 
Here is my FRST.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by SYSTEM on MINWINPC (13-09-2015 16:11:00)
Running from D:\
Platform: Windows Vista ™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-03-26] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation)
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-02-25] (IDT, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\davidiancooper\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\davidiancooper\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28785792 2015-06-01] (Skype Technologies S.A.)
HKU\davidiancooper\...\Run: [BingSvc] => C:\Users\davidiancooper\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\davidiancooper\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\davidiancooper\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165568 2014-12-22] (SlimWare Utilities, Inc.)
HKU\davidiancooper\...\Run: [GoogleChromeAutoLaunch_F2EF7F519F99F075F251465B141B2D9D] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
HKU\RA Media Server\...\Run: [SightSpeed] => "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
HKU\RA Media Server\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-03] (Google Inc.)
HKU\RA Media Server\...\Run: [BitTorrent] => C:\Program Files\BitTorrent\BitTorrent.exe [4770672 2011-04-30] (BitTorrent, Inc.)
HKU\RA Media Server\...\Run: [Mobile Partner] => C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
HKU\RA Media Server\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [SpeedUpMyPC] => "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 
HKU\RA Media Server\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\RA Media Server\...\Run: [fTalk] => "C:\Users\davidiancooper\AppData\Local\fTalk\ftalk.exe" -autorun
HKU\RA Media Server\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll => No File
Startup: C:\Users\davidiancooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-16]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
S2 Apache2.2; C:\Program Files\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1962192 2015-05-22] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [184528 2015-05-22] (Dell Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 dsl-db; C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] ()
S2 dsl-fs-sync; C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [189680 2009-04-13] (SingleClick Systems)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-09-15] (Citrix Online, a division of Citrix Systems, Inc.)
S2 gupdate1ca8660fa72debc; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
S2 hnmsvc; c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [828656 2009-04-13] (Dell Inc.)
S2 MediaManagerService; C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe [34096 2008-03-03] ()
S2 N360; C:\Program Files\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-08] (Skype Technologies S.A.)
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-12-22] (SlimWare Utilities, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe [229458 2010-02-25] (IDT, Inc.)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-10] (Dell Inc.)
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-28] (Symantec, Inc.)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-13] (WDC)
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-15] (Memeo)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-09] (Arcsoft, Inc.)
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2006-07-31] (Omnivision Technologies, Inc.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
S1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150821.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1605020.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-01-30] (Dell Computer Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-31] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2011-11-11] (LeapFrog)
S1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150906.001\IDSvix86.sys [580856 2015-08-28] (Symantec Corporation)
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10368 2010-02-08] (InterVideo, Inc.)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150907.019\NAVENG.SYS [104440 2015-09-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150907.019\NAVEX15.SYS [1645432 2015-09-05] (Symantec Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)
S3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [271552 2009-03-18] (Creative Technology Ltd.)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-06-30] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-06-30] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-12] (Realtek)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1605020.00F\SRTSP.SYS [711408 2015-07-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1605020.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\N360\1605020.00F\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-07-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1605020.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1605020.00F\SYMTDIV.SYS [358104 2015-06-03] (Symantec Corporation)
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 00:15 - 2015-09-11 00:15 - 00000000 _____ C:\Users\davidiancooper\Local Settings\Application Data\{05AD3B01-999B-48E8-998F-5302B4001624}
2015-09-11 00:15 - 2015-09-11 00:15 - 00000000 _____ C:\Users\davidiancooper\AppData\Local\{05AD3B01-999B-48E8-998F-5302B4001624}
2015-09-06 20:54 - 2015-09-11 18:20 - 00000000 ____D C:\FRST
2015-09-05 21:34 - 2015-09-05 21:34 - 00000000 ____D C:\NBRT
2015-09-03 01:13 - 2015-09-03 01:13 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\{BF712DC6-BA53-4C0B-9BE6-E0739506CE3A}
2015-09-03 01:13 - 2015-09-03 01:13 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\{BF712DC6-BA53-4C0B-9BE6-E0739506CE3A}
2015-09-02 09:04 - 2015-09-02 09:04 - 00143728 _____ C:\Windows\Minidump\Mini090315-01.dmp
2015-09-02 09:03 - 2015-09-02 09:03 - 482270699 _____ C:\Windows\MEMORY.DMP
2015-08-19 09:00 - 2015-08-14 15:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-08-19 09:00 - 2015-08-14 14:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-08-19 09:00 - 2015-08-14 14:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-08-15 19:09 - 2015-09-06 00:26 - 00001590 _____ C:\Windows\setupact.log
2015-08-15 19:09 - 2015-08-15 19:09 - 00000000 _____ C:\Windows\setuperr.log
2015-08-15 17:50 - 2015-08-15 17:50 - 00000000 ____D C:\Windows\pss
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-12 22:08 - 2012-05-31 19:57 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\Temp
2015-09-12 22:08 - 2012-05-31 19:30 - 00000000 ____D C:\ProgramData\TEMP
2015-09-12 22:08 - 2009-09-15 17:41 - 01944689 _____ C:\Windows\WindowsUpdate.log
2015-09-12 22:08 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-12 22:08 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-12 20:56 - 2006-11-02 02:33 - 00759582 _____ C:\Windows\System32\PerfStringBackup.INI
2015-09-12 20:44 - 2011-06-05 02:33 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2015-09-12 20:43 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2015-09-12 20:43 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-12 20:43 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2015-09-12 20:43 - 2011-06-05 02:39 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-08 03:25 - 2008-01-20 18:47 - 02723018 _____ C:\Windows\PFRO.log
2015-09-08 01:35 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Speech
2015-09-08 01:34 - 2014-07-11 22:58 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Music Toolbar
2015-09-08 01:01 - 2012-10-06 02:05 - 00000000 ____D C:\Program Files\blekko
2015-09-07 22:33 - 2009-10-09 21:39 - 00000000 ____D C:\Program Files\iMesh Applications
2015-09-07 18:38 - 2015-02-16 23:20 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\SlimWare Utilities Inc
2015-09-07 18:38 - 2015-02-16 23:20 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\SlimWare Utilities Inc
2015-09-06 04:31 - 2009-10-16 12:39 - 00000000 ____D C:\users\RA Media Server
2015-09-06 04:31 - 2009-09-24 03:23 - 00000000 ____D C:\users\davidiancooper
2015-09-06 04:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2015-09-06 04:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2015-09-06 04:31 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2015-09-06 04:31 - 2006-11-02 02:22 - 60030976 _____ C:\Windows\System32\config\software_previous
2015-09-06 04:31 - 2006-11-02 02:22 - 14680064 _____ C:\Windows\System32\config\system_previous
2015-09-06 04:26 - 2006-11-02 02:22 - 46661632 _____ C:\Windows\System32\config\components_previous
2015-09-06 04:26 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2015-09-06 00:30 - 2012-05-31 20:03 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Malwarebytes
2015-09-06 00:30 - 2012-05-31 19:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-06 00:23 - 2006-11-02 04:47 - 00353472 _____ C:\Windows\System32\FNTCACHE.DAT
2015-09-05 21:34 - 2006-11-02 02:22 - 01048576 _____ C:\Windows\System32\config\default_previous
2015-09-05 02:40 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2015-09-02 23:09 - 2009-09-24 15:08 - 00000000 ____D C:\Users\davidiancooper\AppData\Roaming\Skype
2015-09-02 09:04 - 2009-09-25 15:37 - 00000000 ____D C:\Windows\Minidump
2015-08-15 16:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2015-08-15 15:50 - 2012-08-27 12:30 - 00000000 ____D C:\Program Files\SiteRanker
2015-08-15 00:04 - 2009-12-31 02:35 - 00000000 ____D C:\Users\davidiancooper\Local Settings\Application Data\CrashDumps
2015-08-15 00:04 - 2009-12-31 02:35 - 00000000 ____D C:\Users\davidiancooper\AppData\Local\CrashDumps
 
Some files in TEMP:
====================
C:\Users\davidiancooper\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\davidiancooper\AppData\Local\Temp\ResetDevice.exe
C:\Users\davidiancooper\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-13 09:05] - [2015-04-10 15:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2011-04-13 00:06] - [2011-03-02 07:44] - 0168448 ____A (Microsoft Corporation) 85E861D0B88DB2B54ACB0839654C09F7
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point date: 2015-08-17 22:34:36
Restore point date: 2015-08-18 07:43:07
Restore point date: 2015-08-19 06:00:40
Restore point date: 2015-08-19 09:00:18
Restore point date: 2015-08-20 06:00:34
Restore point date: 2015-08-21 00:37:23
Restore point date: 2015-08-22 06:00:39
Restore point date: 2015-08-23 13:52:33
Restore point date: 2015-08-24 06:00:35
Restore point date: 2015-08-25 02:48:06
Restore point date: 2015-08-25 17:14:31
Restore point date: 2015-08-26 06:00:36
Restore point date: 2015-08-27 06:00:37
Restore point date: 2015-08-27 20:04:13
Restore point date: 2015-08-28 08:40:22
Restore point date: 2015-08-29 06:00:38
Restore point date: 2015-09-01 19:42:48
Restore point date: 2015-09-03 02:48:49
Restore point date: 2015-09-03 17:16:36
Restore point date: 2015-09-04 06:00:35
Restore point date: 2015-09-05 10:44:08
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 4055.45 MB
Available physical RAM: 3684.27 MB
Total Virtual: 3923.01 MB
Available Virtual: 3765.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:84.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (NBRT) (Removable) (Total:1.84 GB) (Free:1.81 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 26950ACF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-09-12 20:54
 
==================== End of FRST.txt ============================
 
 
I couldn't generate addition.txt. Where would I find this (I am using the 32 bit FRST)?
 
Also attached is the minidump file.
 
Blessings
 
Mark

 




#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 13 September 2015 - 01:00 PM

Hi Mark,

My instructions failed to say to try to run a FRST scan in Normal or Safe Mode, although I don't think it would have worked. We won't get an Addition.txt report when running it in the Recovery Environment.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll => No File
S2 gupdate1ca8660fa72debc; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
2015-09-08 01:01 - 2012-10-06 02:05 - 00000000 ____D C:\Program Files\blekko
2015-09-07 22:33 - 2009-10-09 21:39 - 00000000 ____D C:\Program Files\iMesh Applications
C:\Users\davidiancooper\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\davidiancooper\AppData\Local\Temp\ResetDevice.exe
C:\Users\davidiancooper\AppData\Local\Temp\SkypeSetup.exe
File: C:\Program Files\Google\Update\GoogleUpdate.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Windows Repair (All in One) Portable

--------------------
  • From a clean computer download Windows Repair (All in One) Portable onto a USB device
  • Remove the USB device and insert it into your infected computer
  • Press Windows Key + E at the same time
  • Navigate to the tweaking.com_windows_repair_aio folder and Unzip the folder onto your USB device
  • Remove the USB device and insert it into the problem computer
  • Press Windows Key + E at the same time
  • Navigate to and double click the Tweaking.com - Windows Repair folder
  • Double click on Repair_Windows icon
  • Go to the Repairs tab and click Open Repairs


  • Leave the default check marks and click Start Repairs


  • Your computer will reboot upon completion
  • Double click the Logs folder on your USB device
  • Double click the file folder created on today's date
  • Double click on _Windows_Repair_Log
  • Copy and paste the contents of the report (or attach the files) in your reply
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Windows All in One report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
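The fixlist above reuses the FRST log lines verbatim, and the two service and driver entries it removes are exactly the ones FRST marked [X] (registered in the registry, but the file on disk is gone). As an added example, not part of this thread and not FRST's own code, here is a small Python parser for lines in the shape FRST prints under "Services (Whitelisted)" and "Drivers (Whitelisted)". It flags [X] entries and entries whose version info carries no publisher, and emits the raw lines in the verbatim form a fixlist.txt expects. The sample lines are constructed after the log in this thread, and the line pattern and the "no publisher" heuristic are this example's own assumptions about the format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample modelled on the FRST "Services" and "Drivers" sections in
# this thread; the lines are assembled here for the example, not copied from a run.
SAMPLE_LOG = r"""
S2 N360; C:\Program Files\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S2 MediaManagerService; C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe [34096 2008-03-03] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S1 SRTSPX; C:\Windows\system32\drivers\N360\1605020.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
"""

# One FRST service/driver line is either
#   "<start> <name>; <path> [<size> <date>] (<vendor>)"   file present, or
#   "<start> <name>; <path> [X]"                          registered but file missing.
# This pattern is the example's assumption about the format, derived from the log.
ENTRY_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)"
    r"|(?P<missing>\[X\]))\s*$"
)


@dataclass
class Entry:
    raw: str              # the line exactly as FRST printed it (what a fixlist needs)
    start: str            # start type as FRST shows it, e.g. S2, S3, R2
    name: str             # service or driver name
    path: str             # image path or full command line
    size: Optional[int]   # None when the file is missing
    date: Optional[str]   # None when the file is missing
    vendor: Optional[str] # "" when the version info names no company
    missing: bool         # True for the [X] form


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for lines in another shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        raw=line.strip(),
        start=m.group("start"),
        name=m.group("name").strip(),
        path=m.group("path"),
        size=int(size) if size else None,
        date=m.group("date"),
        vendor=m.group("vendor"),
        missing=m.group("missing") is not None,
    )


def parse_log(text: str) -> List[Entry]:
    """Collect every service/driver entry from a block of FRST output."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def findings(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for entries worth a second look."""
    out: List[Tuple[str, str]] = []
    for e in entries:
        if e.missing:
            out.append((e.name, "registered but file missing ([X]); orphaned entry"))
        elif e.vendor == "":
            out.append((e.name, "no publisher in version info; verify the file before trusting it"))
    return out


def fixlist_lines(entries: List[Entry]) -> List[str]:
    """Orphaned entries, as verbatim log lines, the form FRST reads from fixlist.txt."""
    return [e.raw for e in entries if e.missing]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, reason in findings(parsed):
        print(f"{name}: {reason}")
    print("--- fixlist.txt candidates ---")
    print("\n".join(fixlist_lines(parsed)))
```

Only the [X] entries are proposed for the fixlist; a missing publisher is reported as something to verify, not something to remove, since plenty of legitimate OEM tools ship without version info, as the Viiv entry in this log does.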

#7 Erastus
  • Topic Starter
  • Members
  • 21 posts

Posted 15 September 2015 - 05:07 AM

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:04-09-2015
Ran by davidiancooper (2015-09-14 08:09:48) Run:2
Running from D:\
Loaded Profiles: davidiancooper (Available Profiles: davidiancooper & RA Media Server)
Boot Mode: Safe Mode (minimal)
 
==============================================
 
fixlist content:
*****************
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll => No File
S2 gupdate1ca8660fa72debc; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
2015-09-08 01:01 - 2012-10-06 02:05 - 00000000 ____D C:\Program Files\blekko
2015-09-07 22:33 - 2009-10-09 21:39 - 00000000 ____D C:\Program Files\iMesh
Applications
C:\Users\davidiancooper\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\davidiancooper\AppData\Local\Temp\ResetDevice.exe
C:\Users\davidiancooper\AppData\Local\Temp\SkypeSetup.exe
File: C:\Program Files\Google\Update\GoogleUpdate.exe
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully.
"c:\progra~1\bandoo\bndhook.dll" => Value data removed successfully..
gupdate1ca8660fa72debc => service removed successfully.
rpcapd => service removed successfully.
MBAMSwissArmy => service removed successfully.
C:\Program Files\blekko => moved successfully
"C:\Program Files\iMesh" => File/Folder not found.
Applications => Error: No automatic fix found for this entry.
C:\Users\davidiancooper\AppData\Local\Temp\DataCard_Setup.exe => moved successfully
C:\Users\davidiancooper\AppData\Local\Temp\ResetDevice.exe => moved successfully
C:\Users\davidiancooper\AppData\Local\Temp\SkypeSetup.exe => moved successfully
 
========================= File: C:\Program Files\Google\Update\GoogleUpdate.exe ========================
 
File is digitally signed
MD5: DD7423ABBE2913E70D50E9318AD57EE4
Creation and modification date: 2009-12-27 05:24 - 2015-09-02 13:48
Size: 0144200
Attributes: ---AT
Company Name: Google Inc.
Internal Name: Google Update
Original Name: GoogleUpdate.exe
Product: Google Update
Description: Google Installer
File Version: 1.3.28.13
Product Version: 1.3.28.13
Copyright: Copyright 2007-2010 Google Inc.
 
====== End of File: ======
 
 
==== End of Fixlog 08:09:49 ====
 
 
Windows Repair Log (this was done in safe mode, so when it says to try and do it in that mode, I already was):
 
Tweaking.com - Windows Repair v3.5.0
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: DAVIDIANCOOP-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\davidiancooper
Current Profile SID: S-1-5-21-864600554-300862844-3135038954-1000
Current Profile Classes: S-1-5-21-864600554-300862844-3135038954-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\DAVIDI~1\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:07:29
 
Process Count: 23
Commit Total: 423.01 MB
Commit Limit: 7.10 GB
Commit Peak: 482.34 MB
Handle Count: 5148
Kernel Total: 105.93 MB
Kernel Paged: 67.32 MB
Kernel Non Paged: 38.60 MB
System Cache: 841.94 MB
Thread Count: 255
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.46 GB
Memory Used: 661.95 MB(18.6809%)
Memory Avail.: 2.81 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.46 GB
Memory Used: 662.50 MB(18.6964%)
Memory Avail.: 2.81 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (15/09/2015 7:14:17 PM)
 
 
The current repair has failed to start for over 30 sec.
Trying Again....
 
 
The current repair has failed to start for over 30 sec.
Trying Again....
 
 
The current repair has failed to start for over 30 sec.
Trying Again....
 
   Done, but failed, at (15/09/2015 7:16:17 PM)
   Total Repair Time: 00:02:03
 
The current repair has failed to start 4 times.
Something is keeping the repair from running.
 
Try running the repairs in Windows Safe Mode. (This will keep 3rd party programs from getting in the way of the repairs)
If the repairs still fail then please post in the Tweaking.com forums for support.
 
 
No noticeable change in computer performance. Any program that is run I have to generate from the command prompt, as if I try and launch it through a regular Windows interface it simply brings up the "view and track downloads" box.
 
Blessings
 
Mark


#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 15 September 2015 - 11:38 AM

Hi Mark,

Let's try to run the Program as a standalone. Please do it this way and see if we can do better.

===================================================

Windows Repair (All in One) Portable

--------------------
  • From a clean computer download Windows Repair (All in One) Portable onto a USB device
  • Remove the USB device and insert it into your infected computer
  • Press Windows Key + E at the same time
  • Navigate to the tweaking.com_windows_repair_aio folder and Unzip the folder onto your USB device
  • Remove the USB device and insert it into the problem computer
  • Press Windows Key + E at the same time
  • Navigate to and double click the Tweaking.com - Windows Repair folder
  • Double click on Repair_Windows icon
  • Go to the Repairs tab and click Open Repairs


  • Leave the default check marks and click Start Repairs


  • Your computer will reboot upon completion
  • Double click the Logs folder on your USB device
  • Double click the file folder created on today's date
  • Double click on _Windows_Repair_Log
  • Copy and paste the contents of the report in your reply
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Windows All in One log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Erastus
  • Topic Starter
  • Members
  • 21 posts

Posted 16 September 2015 - 03:45 PM

Hi, Program just won't launch, either if I do it through the Windows + E key, or if I launch it from Command Prompt, in Normal Mode, I get the View and Track Downloads shot (.jpg attached).




#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 16 September 2015 - 03:49 PM

OK, please do this.

===================================================

Resetting Internet Explorer Using Microsoft Fix it 50195

--------------------
  • Download Microsoft Fix it 50195 and save it to your desktop
  • Double click the icon and select Run
  • Click I Agree, then Next 2 times
  • Click Reset (Do not place a check mark in the Delete personal settings box)
  • Launch Internet Explorer and check to see if it performs properly
  • If Internet Explorer does not function properly please rerun the steps and place a check mark in the Delete personal settings box (take note of what will be deleted - your bookmarks will remain)
  • Test your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 16 September 2015 - 03:51 PM

If that will not work do it manually this way.

===================================================

Resetting Internet Explorer Settings to Default

--------------------
  • Launch Internet Explorer
  • Select Tools, Internet Options, and then the General tab
  • Under Browsing history check only the following

Preserve Favorites website data
Temporary Internet files and website files
Cookies and website data
History

  • Click Delete...
  • Click the Advanced tab
  • Under Reset Internet Explorer settings Click Reset...
  • On the warning page click Reset again
  • Click Close, then OK
  • Check your computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Erastus
  • Topic Starter
  • Members
  • 21 posts

Posted 16 September 2015 - 04:09 PM

For the FixIt process, it works until a program is triggered called "cscript.exe" which then brings up the "View Downloads" box. As a result I get a dialog box saying that Microsoft FixIt failed to process. I don't get an option to check or uncheck a Personal Settings box.

 

I can't complete the task manually in Internet Explorer because as soon as I launch iexplore.exe, the View Downloads box appears. It seems like any file which is .exe immediately hits the problem.

 

This was all done in Normal Mode.

 

Sorry that this computer seems to be so infected.



#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 16 September 2015 - 04:14 PM

No need to be sorry, this is not unusual.

Try to launch Internet Explorer as directed below and see if you can complete the manual reset.

===================================================

Launching Internet Explorer Without Add-ons

----------
  • Click Start
  • Type iexplore.exe -extoff then press Enter
  • Attempt to reset Internet Explorer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Erastus
  • Topic Starter
  • Members
  • 21 posts

Posted 16 September 2015 - 04:28 PM

Nup. Just keeps bringing up the View Downloads box.



#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,971 posts
  • Gender:Male
  • Location:California

Posted 16 September 2015 - 04:40 PM

OK, let's try to do it this way.

===================================================

Resetting Internet Explorer Settings to Default Using inetcpl.cpl

--------------------
  • Press the Windows Key + R at the same time.
  • Type inetcpl.cpl and hit Enter
  • Click the Advanced tab
  • Under Reset Internet Explorer settings click Reset...
  • On the warning page click Reset again
  • Click Close, then OK
  • Reboot your computer and test the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



