Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Vosteran Infected - Help Please! [Solved]

Vosteran

  • This topic is locked This topic is locked
40 replies to this topic

#16 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 January 2015 - 05:16 PM

Boot back up in normal windows , do you remember where you saved it ?  On your desktop or maybe your downloads folder ??   There are other scanners but most wont work with Win 8 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#17 jadeseef

jadeseef

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 15 January 2015 - 05:42 PM

Alright, I was able to find it in downloads and I did a scan before I switched back. When i switched back I could only find this file I'm not sure if this is the right one and if I need to keep looking for the other one? 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Elisha (administrator) on ELISHA on 15-01-2015 17:13:02
Running from C:\Users\Elisha\Downloads
Loaded Profiles: Elisha &  (Available profiles: Elisha)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\pcdrrealtime.p5x
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5792584 2014-04-21] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe" 
AppInit_DLLs-x32: C:/PROGRA~3/{2809C~1/171~1.0/rala.dll => C:/PROGRA~3/{2809C~1/171~1.0/rala.dll [649216 2015-01-13] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-647248783-2239493058-3912521117-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-01-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://vosteran.com/?f=7&a=vst_dnldastr_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtC0Czyzy0Azz0E0CyD0EtN0D0Tzu0StCtCtDzztN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzzyEyEzy0CyB0CtG0AtA0DyDtG0CyEzytBtGtA0B0BtAtGyCyCtCtC0EtDyEtCzyzztC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyD0AtCyBtDtGyB0FtCzytGyEyC0CzztG0AzztC0BtG0A0EtC0ByC0AtBzztBtDyDtD2Q&cr=1776513807&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Hatsune Miku Theme9) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcapoelehikcajegemncolnibideepep [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-01-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-24] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150108.002\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\ENG64.SYS [129752 2014-12-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\EX64.SYS [2137304 2014-12-28] (Symantec Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-26] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 17:02 - 2015-01-15 17:02 - 00000000 ___RD () C:\Users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-14 17:55 - 2015-01-14 17:55 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\PCDr
2015-01-14 17:54 - 2015-01-14 17:54 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-14 17:32 - 2015-01-14 17:32 - 00000000 ____D () C:\Users\Elisha\Downloads\FRST-OlderVersion
2015-01-14 00:12 - 2015-01-15 17:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 00:11 - 2015-01-15 17:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 00:11 - 2015-01-14 00:11 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 00:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 00:11 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 00:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 00:08 - 2015-01-14 00:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Elisha\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 00:05 - 2015-01-14 00:05 - 00000813 _____ () C:\Users\Elisha\Desktop\JRT.txt
2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 23:56 - 2015-01-13 23:57 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (2).exe
2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT.exe
2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (1).exe
2015-01-13 23:44 - 2015-01-13 23:49 - 00000000 ____D () C:\AdwCleaner
2015-01-13 23:43 - 2015-01-13 23:43 - 02191360 _____ () C:\Users\Elisha\Downloads\AdwCleaner.exe
2015-01-13 22:24 - 2015-01-15 00:20 - 00000929 _____ () C:\Users\Elisha\Downloads\Addition.txt
2015-01-13 22:23 - 2015-01-15 17:13 - 00020681 _____ () C:\Users\Elisha\Downloads\FRST.txt
2015-01-13 22:21 - 2015-01-15 17:13 - 00000000 ____D () C:\FRST
2015-01-13 22:21 - 2015-01-14 17:32 - 02125312 _____ (Farbar) C:\Users\Elisha\Downloads\FRST64.exe
2015-01-13 19:55 - 2015-01-13 19:55 - 00000046 _____ () C:\Users\Elisha\AppData\Roaming\WB.CFG
2015-01-13 18:54 - 2015-01-13 18:54 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word (1).exe
2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\ProgramData\{2809C0CA-788B-114C-C90D-61CE198FB240}
2015-01-13 18:51 - 2015-01-13 18:51 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word.exe
2015-01-13 16:27 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:27 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:27 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 16:27 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 16:27 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 16:27 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 16:27 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:27 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 16:27 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 16:27 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 16:27 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 16:27 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 16:27 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 16:27 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 16:27 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 16:27 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 16:27 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 16:27 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 16:27 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 16:27 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 16:27 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2015-01-05 18:47 - 2015-01-05 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-12-29 13:01 - 2015-01-10 00:01 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-12-29 13:01 - 2015-01-10 00:01 - 00002419 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-12-29 13:01 - 2015-01-01 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-12-29 13:01 - 2014-12-29 13:01 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-12-29 13:01 - 2014-12-29 13:01 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\NCOTEMP
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-12-29 12:59 - 2014-12-29 13:02 - 00000000 ____D () C:\ProgramData\Norton
2014-12-29 12:59 - 2014-12-29 12:59 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-12-29 12:57 - 2014-12-29 12:59 - 218966928 ____N (Symantec Corporation) C:\Users\Elisha\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-12-28 21:47 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\VERIZON
2014-12-27 13:56 - 2014-12-27 13:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-22 19:37 - 2014-12-22 19:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-12-21 13:10 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-21 13:10 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-21 01:31 - 2014-12-21 01:33 - 04237884 _____ () C:\Users\Elisha\Downloads\Castle in the Air (9-12) (pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar
2014-12-17 09:10 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-17 09:10 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 17:08 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-15 17:06 - 2014-11-28 20:25 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-647248783-2239493058-3912521117-1002
2015-01-15 17:05 - 2014-11-28 20:22 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF14F380-52D9-4DE2-823A-660D94AAEF7A}
2015-01-15 17:05 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-01-15 17:02 - 2014-12-03 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 17:02 - 2014-12-03 20:23 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha
2015-01-15 17:02 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\OneDrive
2015-01-15 17:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-15 00:17 - 2014-10-23 12:33 - 01827848 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 23:55 - 2014-12-03 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 23:54 - 2014-10-23 12:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-14 23:54 - 2013-08-22 09:46 - 00023338 _____ () C:\Windows\setupact.log
2015-01-14 23:54 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 22:36 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-14 21:19 - 2014-03-18 04:44 - 00019296 _____ () C:\Windows\PFRO.log
2015-01-14 21:19 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-14 21:18 - 2014-12-02 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:09 - 2014-12-02 20:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 15:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-14 02:30 - 2014-11-29 23:35 - 00000000 ____D () C:\Users\Elisha\AppData\Local\CrashDumps
2015-01-14 00:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2015-01-13 23:56 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 23:42 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-13 19:34 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-13 19:25 - 2014-12-03 20:52 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 19:12 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Elisha\Documents\Outlook Files
2015-01-11 23:54 - 2014-12-01 15:41 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\Audacity
2015-01-10 00:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-09 15:51 - 2014-12-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-12-29 23:01 - 2014-11-30 15:52 - 00000000 ____D () C:\Users\Elisha\Downloads\website
2014-12-28 22:10 - 2014-10-23 12:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-27 17:28 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Packages
2014-12-23 19:08 - 2014-12-03 20:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-19 23:07 - 2014-10-23 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-19 23:03 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha
2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
 
Some content of TEMP:
====================
C:\Users\Elisha\AppData\Local\Temp\Quarantine.exe
C:\Users\Elisha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


#18 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 January 2015 - 06:15 PM

Great Job   :thumbup:

 

I need to see the Additions log also but lets do this first

 

Do this, first lets set Chome back to defaults because I still see Vosteran on it

 

  •  
  • Click the Chrome menu Clipboard01_zps2e55f676.jpgon the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Down on the bottom you will see an option for RESET BROWSER SETTINGS
  • Click on it and it will set Chome back to defaults
 
 
 
 
 
Then go to your downloads folder and look for FRST64, right click on it and select CUT, then come back to your desktop , right click on a blank space and select PASTE
 
Then right click on FRST64 on your desktop and select RUN AS ADMINISTRATOR, when it opens check mark Additions and run  new scan and post both new logs please


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#19 jadeseef

jadeseef

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 15 January 2015 - 07:00 PM

I did what you said with the FRST and did a scan it's doing what it was before, but this time the logs showed up in a blank space on the screen. Anyway I got it, but I can't exit out of FRST for some reason.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Elisha (administrator) on ELISHA on 15-01-2015 19:49:38
Running from C:\Users\Elisha\Desktop
Loaded Profiles: Elisha (Available profiles: Elisha)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5792584 2014-04-21] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe" 
AppInit_DLLs-x32: C:/PROGRA~3/{2809C~1/171~1.0/rala.dll => C:/PROGRA~3/{2809C~1/171~1.0/rala.dll [649216 2015-01-13] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-647248783-2239493058-3912521117-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-01-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Hatsune Miku Theme9) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcapoelehikcajegemncolnibideepep [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-01-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-24] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150114.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150114.038\ENG64.SYS [129752 2014-12-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150114.038\EX64.SYS [2137304 2014-12-28] (Symantec Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-26] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 19:49 - 2015-01-15 19:50 - 00018721 _____ () C:\Users\Elisha\Desktop\FRST.txt
2015-01-15 18:32 - 2015-01-15 18:32 - 00000000 ___RD () C:\Users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-14 17:55 - 2015-01-14 17:55 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\PCDr
2015-01-14 17:54 - 2015-01-14 17:54 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-14 17:32 - 2015-01-15 18:28 - 00000000 ____D () C:\Users\Elisha\Downloads\FRST-OlderVersion
2015-01-14 00:12 - 2015-01-15 19:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 00:11 - 2015-01-15 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 00:11 - 2015-01-14 00:11 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 00:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 00:11 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 00:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 00:08 - 2015-01-14 00:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Elisha\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 00:05 - 2015-01-14 00:05 - 00000813 _____ () C:\Users\Elisha\Desktop\JRT.txt
2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 23:56 - 2015-01-13 23:57 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (2).exe
2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT.exe
2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (1).exe
2015-01-13 23:44 - 2015-01-13 23:49 - 00000000 ____D () C:\AdwCleaner
2015-01-13 23:43 - 2015-01-13 23:43 - 02191360 _____ () C:\Users\Elisha\Downloads\AdwCleaner.exe
2015-01-13 22:24 - 2015-01-15 17:18 - 00000930 _____ () C:\Users\Elisha\Downloads\Addition.txt
2015-01-13 22:23 - 2015-01-15 17:14 - 00034755 _____ () C:\Users\Elisha\Downloads\FRST.txt
2015-01-13 22:21 - 2015-01-15 19:49 - 00000000 ____D () C:\FRST
2015-01-13 22:21 - 2015-01-14 17:32 - 02125312 _____ (Farbar) C:\Users\Elisha\Desktop\FRST64.exe
2015-01-13 19:55 - 2015-01-13 19:55 - 00000046 _____ () C:\Users\Elisha\AppData\Roaming\WB.CFG
2015-01-13 18:54 - 2015-01-13 18:54 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word (1).exe
2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\ProgramData\{2809C0CA-788B-114C-C90D-61CE198FB240}
2015-01-13 18:51 - 2015-01-13 18:51 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word.exe
2015-01-13 16:27 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:27 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:27 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 16:27 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 16:27 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 16:27 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 16:27 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 16:27 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:27 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 16:27 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 16:27 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 16:27 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 16:27 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 16:27 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 16:27 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 16:27 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 16:27 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 16:27 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 16:27 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 16:27 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 16:27 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 16:27 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 16:27 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2015-01-05 18:47 - 2015-01-05 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-12-29 13:01 - 2015-01-10 00:01 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-12-29 13:01 - 2015-01-10 00:01 - 00002419 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-12-29 13:01 - 2015-01-01 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-12-29 13:01 - 2014-12-29 13:01 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-12-29 13:01 - 2014-12-29 13:01 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\NCOTEMP
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-12-29 12:59 - 2014-12-29 13:02 - 00000000 ____D () C:\ProgramData\Norton
2014-12-29 12:59 - 2014-12-29 12:59 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-12-29 12:57 - 2014-12-29 12:59 - 218966928 ____N (Symantec Corporation) C:\Users\Elisha\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-12-28 21:47 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\VERIZON
2014-12-27 13:56 - 2014-12-27 13:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-12-22 19:37 - 2014-12-22 19:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-12-21 13:10 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-21 13:10 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-21 01:31 - 2014-12-21 01:33 - 04237884 _____ () C:\Users\Elisha\Downloads\Castle in the Air (9-12) (pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar
2014-12-17 09:10 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-17 09:10 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 19:06 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-01-15 19:06 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-15 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-15 18:56 - 2014-10-23 12:33 - 01921354 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 18:55 - 2014-12-03 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 18:53 - 2014-12-03 20:23 - 00004968 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha
2015-01-15 18:50 - 2014-11-28 20:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-647248783-2239493058-3912521117-1002
2015-01-15 18:31 - 2014-12-03 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 18:31 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\OneDrive
2015-01-15 18:30 - 2013-08-22 09:46 - 00023570 _____ () C:\Windows\setupact.log
2015-01-15 18:30 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 17:45 - 2014-10-23 12:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-15 17:45 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-15 17:19 - 2014-03-18 04:44 - 00020290 _____ () C:\Windows\PFRO.log
2015-01-15 17:18 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-15 17:05 - 2014-11-28 20:22 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF14F380-52D9-4DE2-823A-660D94AAEF7A}
2015-01-14 21:18 - 2014-12-02 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:09 - 2014-12-02 20:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 15:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-14 02:30 - 2014-11-29 23:35 - 00000000 ____D () C:\Users\Elisha\AppData\Local\CrashDumps
2015-01-14 00:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
2015-01-13 23:56 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 23:42 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-13 19:34 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-13 19:25 - 2014-12-03 20:52 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 19:12 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Elisha\Documents\Outlook Files
2015-01-11 23:54 - 2014-12-01 15:41 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\Audacity
2015-01-10 00:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-09 15:51 - 2014-12-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-05 19:08 - 2014-12-10 17:05 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 19:08 - 2014-12-10 17:05 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 23:01 - 2014-11-30 15:52 - 00000000 ____D () C:\Users\Elisha\Downloads\website
2014-12-28 22:10 - 2014-10-23 12:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-27 17:28 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Packages
2014-12-23 19:08 - 2014-12-03 20:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-19 23:07 - 2014-10-23 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-19 23:03 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha
2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
 
Some content of TEMP:
====================
C:\Users\Elisha\AppData\Local\Temp\Quarantine.exe
C:\Users\Elisha\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Elisha at 2015-01-15 19:50:59
Running from C:\Users\Elisha\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 


#20 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 January 2015 - 07:10 PM

You can go to task manager ( Ctrl   Alt  Del ) on your keyboard and highlight FRST and end process

 

 

Your Additions log is incomplete, open it and on the top under edit click on Select All...Edit Copy and post the log



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#21 jadeseef

jadeseef

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 15 January 2015 - 07:14 PM

I thought it was too, but that is all that's there 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Elisha at 2015-01-15 19:50:59
Running from C:\Users\Elisha\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


#22 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 January 2015 - 07:28 PM

Drag the FRST log and the Additions log to the trash.  Reboot your system and run a new scan with FRST, be sure to checkmark Additions and post both new logs and lets see how it goes

 

Been a loooooooooooong day, be back in the am for about an hour and will be offline until late afternoon



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#23 jadeseef

jadeseef

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 16 January 2015 - 02:34 PM

I did the same thing happened. 



#24 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 January 2015 - 02:58 PM

Not sure whats going on, going to give you a few programs to run to see if there is a rootkit type of hidden infection present

 

Disable your antivirus software so you can download and run these one at a time

 

Please download Malwarebytes Anti-Rootkit from Here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  •  
     
     
     
     
     
     
     
     
     
    ====================================================
     
     

    Please download TDSSKiller
  • Download TDSSKiller.exe to your desktop, if it is prevented from being downloaded than download the Zip version and extract it to your desktop
  • Double click TDSSKiller To start the program <-- XP/Vista Users
  • Right Click TDSSKiller and select RUN AS ADMINISTRATOR <--Windows 7 and 8
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #25 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 17 January 2015 - 04:11 PM

    :( It will not let me scan with the Malwarebytes' anti-Rookit unless I completely exit the Malwarebytes' anti-malware and I don't know how to do that.


      Advertisements

    Register to Remove


    #26 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 January 2015 - 04:37 PM

    Go to Task Manager Ctrl Alt Del on your keyboard and look for Malwarebytes, select it and chose END Task



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #27 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 17 January 2015 - 05:47 PM

    I don't have it up. I thought it might mean turn it off like the antivirus, but I don't know. I even restarted the computer. 



    #28 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 January 2015 - 05:53 PM

    Been at this for many many years and even have worked many Win 8 machines and never seen other people having problems running programs that you are encountering, but it may not be your fault. Tell me this, how is your computer running, any browser redirects or unwanted pop up windows ?

     

    Bypass Malwarebytes Anti Rootkit and run TDSSkiller



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #29 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 17 January 2015 - 05:59 PM

    :wacko: It is running fine as far as I can tell. 



    #30 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 January 2015 - 06:03 PM

    Bypass Malwarebytes Anti Rootkit and run TDSSkiller



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics




    Also tagged with one or more of these keywords: Vosteran

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users