rbwilso

Members
  • Posts

    14
  1. Aura, Thanks for the quality help. I'm sorry it took a couple days to get back with you, work and life and all that! I forgot to save the file after running delfix, but it reported no errors. Thanks again for all the help! Ronald
  2. My system is running normally again. I don't see any of the effects from the malware that I was seeing before. CPU usage isn't maxed out all the time, and anti-virus software runs fine. I think we may have it fixed! Ronald
  3. Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 12/4/17
     Scan Time: 7:47 PM
     Log File: d26ad2d2-d955-11e7-ae50-0024e8c87ef6.json
     Administrator: Yes
     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3409
     License: Trial
     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: 229-\Ronald
     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 266828
     Threats Detected: 12
     Threats Quarantined: 12
     Time Elapsed: 8 min, 20 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 1
     Adware.DNSUnlocker.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TIs5BpoyCnWf Updater, Delete-on-Reboot, [2064], [372679],1.0.3409
     Registry Value: 4
     PUP.Optional.WinResSync.Generic, HKU\S-1-5-21-2806366666-2974687482-2679796970-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinResSync, Delete-on-Reboot, [14827], [462913],1.0.3409
     Adware.DNSUnlocker.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TIs5BpoyCnWf Updater|IMAGEPATH, Delete-on-Reboot, [2064], [372679],1.0.3409
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{D649F475-2F6B-46E5-B78E-0FFE6D34ABC1}|NAMESERVER, Delete-on-Reboot, [5278], [260227],1.0.3409
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{DE457C75-8C55-48BB-94A6-31D3A26854CD}|NAMESERVER, Delete-on-Reboot, [5278], [260227],1.0.3409
     Registry Data: 6
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [5278], [-1],0.0.0
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [5278], [-1],0.0.0
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{16A11EC8-9C5B-4222-AD1C-E7B3931C380D}|NameServer, Replace-on-Reboot, [5278], [-1],0.0.0
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{D649F475-2F6B-46E5-B78E-0FFE6D34ABC1}|NameServer, Replace-on-Reboot, [5278], [-1],0.0.0
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{D649F475-2F6B-46E5-B78E-0FFE6D34ABC1}|DhcpNameServer, Replace-on-Reboot, [5278], [-1],0.0.0
     Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{DE457C75-8C55-48BB-94A6-31D3A26854CD}|NameServer, Replace-on-Reboot, [5278], [-1],0.0.0
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 1
     PUP.Optional.WinResSync.Generic, C:\USERS\RONALD\APPDATA\ROAMING\MICROSOFT\PROTECT\c65560-0d5fe1-fb5f3028-ddf3b0-4fa0.rs, Delete-on-Reboot, [14827], [462913],1.0.3409
     Physical Sector: 0
     (No malicious items detected)
     (end)
  4. So when I went to download the 32-bit version, my desktop detected malware on my thumb drive and actually deleted the frst64.exe file. I re-downloaded the 32- and 64-bit versions, thinking that perhaps the malware had infected my copy of frst64.exe, and sure enough I was able to run it this time. Here is the resulting fixlog.txt file. Fixlog.txt
  5. I am at work now, I’ll get that done when I get home around 1pm EST.
  6. I have the 64-bit version on my USB drive, and yes I was in the RE when I tried to run it.
  7. I have tried performing this step, but I get the following error when attempting to run frst64.exe: "The subsystem needed to support the image type is not present." Any ideas?
  8. I have several USB drives up to 64g. I have already loaded FRST on one as well.
  9. I have some locked folders on my laptop, and I saw in this forum that I have the exact same locked files and folders, as well as the same symptoms. I have attached both files from FRST and would love some assistance in resolving this issue. Addition.txt FRST.txt