
PUP entries in malware scan my search



Hello, I started seeing 37 lines for PUP. I have an attach and DDS file and MBAM log attached below, and I did check and remove malware, then on the next scan they are all detected again. Please assist if possible, and thanks in advance, John


Hi and Welcome!!   

 

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

 

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.


IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.

 

Having said that....   Let's get going!!

----------

 


AdwCleaner

 

Please download AdwCleaner by Xplode and save to your Desktop.


Double click on AdwCleaner.exe to run the tool

Vista/Windows 7/8 users right-click and select Run As Administrator.

Click on the Scan button.

AdwCleaner will begin...be patient as the scan may take some time to complete.

After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.

Copy and paste the contents of that logfile in your next reply.

A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


 


Hello Jeff, thanks for the quick reply. Here is the adware scan:

# AdwCleaner v3.018 - Report created 29/01/2014 at 08:34:22
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHNLAURENPC
# Running from : C:\Users\Johnc\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Johnc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : icon_url
Found : search_url
Found : keyword
 
*************************
 
AdwCleaner[R0].txt - [6119 octets] - [28/01/2014 14:58:02]
AdwCleaner[R1].txt - [1001 octets] - [29/01/2014 08:34:22]
AdwCleaner[s0].txt - [5190 octets] - [28/01/2014 15:41:32]
 
########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1121 octets] ##########
 
 
Also of note, this morning the malware scan came up clean. I have included that scan log as well should you need it.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.27.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Johnc :: JOHNLAURENPC [limited]
 
1/29/2014 8:06:11 AM
mbam-log-2014-01-29 (08-06-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251538
Time elapsed: 10 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Thanks, John

Hi,
 
Good job!   :)  Let's keep going as there is still more malware showing in the logs you provided....
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Here...I just downloaded it....I zipped it and attached it for you.  Just download the attachment to your Desktop and then Extract all to your Desktop.  Run ComboFix from there....Let me know if you have any problems.   :)

 

 


ComboFix 14-01-29.01 - John 01/29/2014  18:17:26.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2156 [GMT -5:00]

Running from: c:\users\Johnc\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\~GLHTTP1.TMP

c:\programdata\Microsoft\Windows\DRM\3473.tmp

c:\programdata\Microsoft\Windows\DRM\93D.tmp

c:\users\John\Desktop\Search.lnk

c:\users\John\GoToAssistDownloadHelper (1).exe

c:\users\John\GoToAssistDownloadHelper.exe

c:\users\Johnc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF982264-25C3-4AEE-B42F-88D346025555}.xps

c:\users\Johnc\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F17EA21C-68C7-4ACB-9193-801136AD07C7}.xps

c:\users\Johnc\AppData\Roaming\94BB83F2.reg

c:\users\Johnc\AppData\Roaming\avbase.dat

c:\users\Johnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

c:\users\Johnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk

c:\users\Johnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk

c:\users\Johnc\AppData\Roaming\skype.ini

c:\users\Johnc\Desktop\Internet Security.lnk

c:\users\Johnc\GoToAssistDownloadHelper.exe

c:\users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\{17DF1E7C-4437-45E5-8C14-C03DF9EFBE91}.xps

c:\users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D75FAAD6-A56E-4512-894E-479D52ECADCB}.xps

I:\Setup.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))))))))))))))))))))

.

.

2014-01-29 23:27 . 2014-01-29 23:27 -------- d-----w- c:\users\Lauren\AppData\Local\temp

2014-01-29 23:27 . 2014-01-29 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-29 23:26 . 2014-01-29 23:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-01-28 19:57 . 2014-01-29 13:35 -------- d-----w- C:\AdwCleaner

2014-01-26 18:24 . 2014-01-26 19:28 -------- d-----w- c:\program files (x86)\RightSurf

2014-01-26 18:23 . 2014-01-27 13:29 -------- d-----w- c:\users\John\AppData\Roaming\DigitalSites

2014-01-22 00:22 . 2013-09-23 18:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys

2014-01-15 16:51 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-15 16:51 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-15 16:51 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-15 16:51 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-15 16:51 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-15 16:51 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-15 16:51 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-15 16:50 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-01-15 16:50 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-21 13:56 . 2012-04-09 13:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-21 13:56 . 2011-06-28 01:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-16 03:42 . 2010-02-06 20:11 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-14 23:25 . 2013-12-14 20:35 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-12-05 21:51 . 2010-09-07 21:31 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys

2013-12-05 21:45 . 2010-09-07 21:31 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2013-12-05 21:41 . 2010-09-07 21:31 782616 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-12-05 21:39 . 2010-09-07 21:31 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2013-12-05 21:37 . 2010-09-07 21:31 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-12-05 21:36 . 2010-09-07 21:31 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-11-27 04:18 . 2013-11-27 04:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-27 04:18 . 2013-11-27 04:18 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-27 04:18 . 2013-11-27 04:18 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-27 04:18 . 2013-11-27 04:18 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-27 04:18 . 2013-11-27 04:18 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-27 04:18 . 2013-11-27 04:18 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-27 04:18 . 2013-11-27 04:18 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-27 04:18 . 2013-11-27 04:18 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-27 04:18 . 2013-11-27 04:18 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-27 04:18 . 2013-11-27 04:18 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-27 04:18 . 2013-11-27 04:18 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-27 04:18 . 2013-11-27 04:18 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-27 04:18 . 2013-11-27 04:18 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-27 04:18 . 2013-11-27 04:18 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-27 04:18 . 2013-11-27 04:18 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-27 04:18 . 2013-11-27 04:18 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-27 04:18 . 2013-11-27 04:18 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-27 04:18 . 2013-11-27 04:18 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-27 04:18 . 2013-11-27 04:18 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-27 04:18 . 2013-11-27 04:18 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-27 04:18 . 2013-11-27 04:18 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-27 04:18 . 2013-11-27 04:18 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-27 04:18 . 2013-11-27 04:18 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-27 04:18 . 2013-11-27 04:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-27 04:18 . 2013-11-27 04:18 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-27 04:18 . 2013-11-27 04:18 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-27 04:18 . 2013-11-27 04:18 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-27 04:18 . 2013-11-27 04:18 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-27 04:18 . 2013-11-27 04:18 413696 ----a-w- c:\windows\system32\html.iec

2013-11-27 04:18 . 2013-11-27 04:18 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-27 04:18 . 2013-11-27 04:18 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-27 04:18 . 2013-11-27 04:18 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-27 04:18 . 2013-11-27 04:18 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-27 04:18 . 2013-11-27 04:18 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-27 04:18 . 2013-11-27 04:18 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-27 04:18 . 2013-11-27 04:18 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-27 04:18 . 2013-11-27 04:18 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-27 04:18 . 2013-11-27 04:18 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-27 04:18 . 2013-11-27 04:18 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-27 04:18 . 2013-11-27 04:18 235520 ----a-w- c:\windows\system32\url.dll

2013-11-27 04:18 . 2013-11-27 04:18 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-27 04:18 . 2013-11-27 04:18 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-27 04:18 . 2013-11-27 04:18 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-27 04:18 . 2013-11-27 04:18 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-27 04:18 . 2013-11-27 04:18 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-27 04:18 . 2013-11-27 04:18 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-27 04:18 . 2013-11-27 04:18 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-27 04:18 . 2013-11-27 04:18 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-27 04:18 . 2013-11-27 04:18 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-27 04:18 . 2013-11-27 04:18 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-27 04:18 . 2013-11-27 04:18 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-27 04:18 . 2013-11-27 04:18 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-27 04:18 . 2013-11-27 04:18 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-27 04:18 . 2013-11-27 04:18 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-27 04:18 . 2013-11-27 04:18 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-27 04:18 . 2013-11-27 04:18 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-27 04:18 . 2013-11-27 04:18 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-27 04:18 . 2013-11-27 04:18 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-27 04:18 . 2013-11-27 04:18 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-27 03:07 . 2013-11-27 03:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2013-11-27 03:07 . 2013-11-27 03:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2013-11-27 03:07 . 2013-11-27 03:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2013-11-26 11:54 . 2013-12-11 08:03 23183360 ----a-w- c:\windows\system32\mshtml.dll

2013-11-26 10:19 . 2013-12-11 08:03 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-26 10:18 . 2013-12-11 08:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2013-11-26 09:48 . 2013-12-11 08:03 66048 ----a-w- c:\windows\system32\iesetup.dll

2013-11-26 09:46 . 2013-12-11 08:03 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 09:41 . 2013-12-11 08:03 2764288 ----a-w- c:\windows\system32\iertutil.dll

2013-11-26 09:29 . 2013-12-11 08:03 53760 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-26 09:27 . 2013-12-11 08:03 33792 ----a-w- c:\windows\system32\iernonce.dll

2013-11-26 09:23 . 2013-12-11 08:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-11-26 09:21 . 2013-12-11 08:03 574976 ----a-w- c:\windows\system32\ieui.dll

2013-11-26 09:18 . 2013-12-11 08:03 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 09:18 . 2013-12-11 08:03 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 09:16 . 2013-12-11 08:03 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 08:57 . 2013-12-11 08:03 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2013-11-26 08:35 . 2013-12-11 08:03 5769216 ----a-w- c:\windows\system32\jscript9.dll

2013-11-26 08:28 . 2013-12-11 08:03 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16 . 2013-12-11 08:03 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-11-26 08:02 . 2013-12-11 08:03 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 07:48 . 2013-12-11 08:03 12996608 ----a-w- c:\windows\system32\ieframe.dll

2013-11-26 07:32 . 2013-12-11 08:03 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07 . 2013-12-11 08:03 2334208 ----a-w- c:\windows\system32\wininet.dll

2013-11-26 06:40 . 2013-12-11 08:03 1395200 ----a-w- c:\windows\system32\urlmon.dll

2013-11-26 06:34 . 2013-12-11 08:03 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2013-11-26 06:33 . 2013-12-11 08:03 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-23 18:26 . 2013-12-10 22:21 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-10 22:21 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-23 00:11 . 2013-11-23 00:10 7450784 ----a-w- c:\users\John\AppData\Roaming\Affixa-Setup-Full.exe

2013-11-12 02:23 . 2013-12-10 22:20 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}]

2014-01-25 03:09 249632 ----a-w- c:\program files (x86)\RightSurf\RightSurfBHO.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-01-14 23:26 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-01-14 23:26 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-01-14 23:26 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-13 5492096]

"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]

"AffixaPersonalSettings"="c:\program files (x86)\Affixa\AffixaHandler.exe" [2013-11-17 300144]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-09-17 120048]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Johnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

R2 0046191391004628mcinstcleanup;McAfee Application Installer Cleanup (0046191391004628);c:\windows\TEMP\004619~1.EXE;c:\windows\TEMP\004619~1.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]

S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]

S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [x]

S2 Update RightSurf;Update RightSurf;c:\program files (x86)\RightSurf\updateRightSurf.exe;c:\program files (x86)\RightSurf\updateRightSurf.exe [x]

S2 Util RightSurf;Util RightSurf;c:\program files (x86)\RightSurf\bin\utilRightSurf.exe;c:\program files (x86)\RightSurf\bin\utilRightSurf.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-29 13:04 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:56]

.

2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 18:28]

.

2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 18:28]

.

2014-01-29 c:\windows\Tasks\{DB83A1EF-0CBB-422D-9016-6190BFCC2CA1}.job

- c:\users\Johnc\AppData\Local\88987a0c-5be7-4b22-8a7a-6e3596b383f9ad\acbebaaebfad.exe [2013-07-09 02:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-01-14 23:26 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-01-14 23:26 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-01-14 23:26 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm




mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost



IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1


.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-Verizon_McciTrayApp - \MCCITRAYAPP.EXE

HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE

HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE

HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE

HKLM-Run-Windows Mobile Device Center - DOWSMOBILE\WMDC.EXE

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Digital Sites - c:\users\John\AppData\Roaming\DIGITA~1\UpdateProc\UpdateTask.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-29  18:32:57

ComboFix-quarantined-files.txt  2014-01-29 23:32

.

Pre-Run: 630,684,848,128 bytes free

Post-Run: 640,971,579,392 bytes free

.

- - End Of File - - 2CF8ACEF7B330F0EA5DD32A3F7744A38

A36C5E4F47E84449FF07ED3517B43A31

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\users\Johnc\AppData\Local\88987a0c-5be7-4b22-8a7a-6e3596b383f9ad\acbebaaebfad.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


Can't copy the whole window; the indication of the scan is that it is probably safe.

 
Result Update
AVG   20140130
Ad-Aware   20140130
Agnitum   20140130
AhnLab-V3   20140130
AntiVir   20140130
Antiy-AVL   20140130
Avast   20140130
Baidu-International   20140130
BitDefender   20140130
Bkav   20140125
ByteHero   20140126
CAT-QuickHeal   20140130
CMC   20140122
ClamAV   20140130
Commtouch   20140130
Comodo   20140130
DrWeb   20140130
ESET-NOD32   20140130
Emsisoft   20140130
F-Prot   20140130
F-Secure   20140130
Fortinet   20140130
GData   20140130
Ikarus   20140130
Jiangmin   20140130
K7AntiVirus   20140129
K7GW   20140130
Kaspersky   20140130
Kingsoft   20130829
Malwarebytes   20140130
McAfee   20140130
McAfee-GW-Edition   20140130
MicroWorld-eScan   20140130
Microsoft   20140130
NANO-Antivirus   20140130
Norman   20140130
Panda   20140130
Qihoo-360   20140126
Rising   20140130
SUPERAntiSpyware   20140130
Sophos   20140130
Symantec   20140130
TheHacker   20140128
TotalDefense   20140130
TrendMicro   20140130
TrendMicro-HouseCall   20140130
VBA32   20140130
VIPRE   20140130
ViRobot   20140130
nProtect   20140130

copy and paste the link to the results page in your next reply.

 

:)  No problem....I saw what I needed.  I am getting ready for class but will return as quickly as I can.  


Thanks for your patience...   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    uInternet Settings,ProxyOverride = localhost
    Trusted Zone: about.com\homerenovations
    Trusted Zone: about.com\interiordec
    Trusted Zone: abstractlogix.com\www
    Trusted Zone: acousticguitar.com\www
    Trusted Zone: acousticguitarcommunity.com\www
    Trusted Zone: adobe.com\get
    Trusted Zone: adobe.com\www
    Trusted Zone: adp.com\ipay
    Trusted Zone: adp.com\netsecure
    Trusted Zone: allofmp3.com\www
    Trusted Zone: amazon.com\www
    Trusted Zone: angelo.com\www
    Trusted Zone: angieslist.com\www
    Trusted Zone: aol.com\greetings
    Trusted Zone: attblueroom.com
    Trusted Zone: audiophileimports.com\www
    Trusted Zone: automotiveforums.com\www
    Trusted Zone: avsforum.com\www
    Trusted Zone: barackobama.com\my
    Trusted Zone: barackobama.com\www
    Trusted Zone: bethelwoodslive.org\www
    Trusted Zone: billevanssax.com
    Trusted Zone: bluemountain.com\www
    Trusted Zone: bluemountain.com\www1
    Trusted Zone: bobvila.com\www
    Trusted Zone: carrentals.com\www
    Trusted Zone: ceaconnectionsguide.com\www
    Trusted Zone: cflbulbs.com
    Trusted Zone: clearwater.org\www
    Trusted Zone: cnet.com\download
    Trusted Zone: cnet.com\reviews
    Trusted Zone: cnysource.com\www
    Trusted Zone: companionbooking.com\www
    Trusted Zone: consumerreports.org\ec
    Trusted Zone: consumerreports.org\www
    Trusted Zone: consumersearch.com\www
    Trusted Zone: continental.com\www
    Trusted Zone: dailymotion.com\www
    Trusted Zone: dandavats.com\www
    Trusted Zone: dell.com\support
    Trusted Zone: dell.com\www
    Trusted Zone: dolans.com\www
    Trusted Zone: driveragent.com
    Trusted Zone: earthlab.com\www
    Trusted Zone: ebay.com\popular
    Trusted Zone: ebayuniversity.com\www
    Trusted Zone: eftps.gov\www
    Trusted Zone: emdr.com\lists
    Trusted Zone: esupport.com\login
    Trusted Zone: fasthardwoodfloors.com\www
    Trusted Zone: fcimag.com\www
    Trusted Zone: fivepeaceband.com\www
    Trusted Zone: folkofthewood.com\www
    Trusted Zone: frontgatesolutions.com\bouldertheater
    Trusted Zone: georgeharrison.com
    Trusted Zone: georgeharrison.com\www
    Trusted Zone: glennalexander.com\www
    Trusted Zone: gmail.com
    Trusted Zone: gmsupplierdiscount.com\www
    Trusted Zone: go.com\abclocal
    Trusted Zone: google.com\mail
    Trusted Zone: google.com\video
    Trusted Zone: google.com\www
    Trusted Zone: gouranga.tv
    Trusted Zone: greenpeace.org\www
    Trusted Zone: guitar-channel.com\www
    Trusted Zone: guitarcenter.com\www
    Trusted Zone: guitargrid.com\www
    Trusted Zone: hallmark.com\www
    Trusted Zone: harmony-central.com\acapella
    Trusted Zone: harmony-central.com\rhythm
    Trusted Zone: harmony-central.com\www
    Trusted Zone: hbo.com\www
    Trusted Zone: homedepot.com\www
    Trusted Zone: homes.com\www
    Trusted Zone: hoskinghardwood.com\www
    Trusted Zone: hotel-chateau-argoat.qc.ca\www
    Trusted Zone: hotellabelle.com\www
    Trusted Zone: hsus.org\video
    Trusted Zone: ietravel.com\www
    Trusted Zone: inews3.com\www
    Trusted Zone: ingdirect.com\www
    Trusted Zone: insidenissan.com\www
    Trusted Zone: inspiredprotagonist.com\www
    Trusted Zone: internet
    Trusted Zone: investedinterests.com\www
    Trusted Zone: jacquielawson.com\www
    Trusted Zone: jazzfusion.tv\www
    Trusted Zone: johnmclaughlin.com
    Trusted Zone: johnmclaughlin.com\www
    Trusted Zone: karndean.com\www
    Trusted Zone: kayak.com\www
    Trusted Zone: kodakgallery.com\www
    Trusted Zone: lcdtvbuyingguide.com\www
    Trusted Zone: lenouvelhotel.com\www
    Trusted Zone: lens123.com\www
    Trusted Zone: lohud.com\www
    Trusted Zone: marriott.com\www
    Trusted Zone: mcafee.com
    Trusted Zone: memoriter.net
    Trusted Zone: metronomeonline.com\www
    Trusted Zone: michaelmucklow.com\www
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: microsoft.com.\windowsupdate
    Trusted Zone: miragefloors.com\www
    Trusted Zone: montrealguitarshow.com\www
    Trusted Zone: montrealjazzfest.com\www
    Trusted Zone: morningstar.com\quicktake
    Trusted Zone: mtbmoneymarket.com\www
    Trusted Zone: muralicoryell.com\www
    Trusted Zone: musicnotes.com\www
    Trusted Zone: myspace.com\profile
    Trusted Zone: myspace.com\viewmorepics
    Trusted Zone: myspace.com\www
    Trusted Zone: naturalcork.com\www
    Trusted Zone: netflix.com\www
    Trusted Zone: nissanusa.com\www
    Trusted Zone: nmrusa.com\www
    Trusted Zone: npr.org\www
    Trusted Zone: nps.gov\www
    Trusted Zone: nyc.com\www
    Trusted Zone: oce.com\webmail02
    Trusted Zone: oceemployee.com
    Trusted Zone: oceusa.com\www
    Trusted Zone: optimum.com\www
    Trusted Zone: optimum.net\www
    Trusted Zone: optimumrewards.com\www
    Trusted Zone: optonline.net\www
    Trusted Zone: orpainting.com\www
    Trusted Zone: pacificpalacehotel.com\www
    Trusted Zone: parkterracebistro.com
    Trusted Zone: phillesh.net\www
    Trusted Zone: photobucket.com\s283
    Trusted Zone: planetwaves.com
    Trusted Zone: planetwaves.com\www
    Trusted Zone: pollstar.com\www
    Trusted Zone: pontiac.com\www
    Trusted Zone: pricegrabber.com\electronics
    Trusted Zone: propertyslideshows.com\www
    Trusted Zone: radiotime.com
    Trusted Zone: realbiz360.com\vt
    Trusted Zone: redcliffslodge.com\www
    Trusted Zone: remodelhomeguide.com
    Trusted Zone: restaurantrowrockland.com\www
    Trusted Zone: return2forever.com\www
    Trusted Zone: samsung.com\pages
    Trusted Zone: samsung.com\www
    Trusted Zone: saturn.com\www
    Trusted Zone: sears.com\www
    Trusted Zone: simlahouse.com\www
    Trusted Zone: smartratings.com\www
    Trusted Zone: snapfish.com\www1
    Trusted Zone: spac.org\www
    Trusted Zone: starbucks.com\www
    Trusted Zone: startnfinish.com\www
    Trusted Zone: stepitup2007.org\events
    Trusted Zone: symantecstore.com\www
    Trusted Zone: telluridejazz.org
    Trusted Zone: templar.com\www
    Trusted Zone: thefloorauthority.com\www
    Trusted Zone: themusicalbox.net\www
    Trusted Zone: therealallanholdsworth.com\www
    Trusted Zone: ticketmaster.com\www
    Trusted Zone: tigerdirect.com\www
    Trusted Zone: tobyweiss.net\www
    Trusted Zone: toloachenyc.com
    Trusted Zone: toyota.com\www
    Trusted Zone: toyotafinancial.com\www
    Trusted Zone: trailofpaintedponies.com\www
    Trusted Zone: troweprice.com\www
    Trusted Zone: troweprice.com\www3
    Trusted Zone: veryheavy.com\www
    Trusted Zone: victors.com\www
    Trusted Zone: viewpoints.com\www
    Trusted Zone: visitmaine.com\www
    Trusted Zone: visitpiermont.com\www
    Trusted Zone: wainwrightbank.com\www
    Trusted Zone: walkonwood.com\www
    Trusted Zone: willcuttguitars.com\www
    Trusted Zone: yourmusic.com\www
    Trusted Zone: youtube.com
    Trusted Zone: youtube.com\www
    Trusted Zone: yuku.com\breedloveforum
    Trusted Zone: zawinulmusic.com\www
    Trusted Zone: zonealarm.com\download
    Trusted Zone: zonelabs.com\www
     
    File::
    c:\program files (x86)\RightSurf\RightSurfBHO.dll
    c:\program files (x86)\RightSurf\updateRightSurf.exe
    c:\program files (x86)\RightSurf\bin\utilRightSurf.exe
     
    Folder::
    c:\program files (x86)\RightSurf
     
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}]
     
    Driver::
    Update RightSurf
    Util RightSurf

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new ComboFix log and let me know how your system is running now.  :)


Hi, just so I'm clear: Malwarebytes is the free version and I don't see anywhere to disable it from the tabs. McAfee is reporting real-time scan disabled, though it does not let me shut off the firewall. As we left off, the adware program is still open on the desktop, correct? Should I use the same PC to reconnect to get this ComboFix text, or should I download this ComboFix to USB from my laptop and then copy it to the desktop? Thanks, please advise, John


Hi,

 

Don't worry about Malwarebytes and McAfee....as long as you disabled them as well as you could, even if ComboFix says they are still running, continue on.  :)  There should be no problems.  

 

If you are able to just use the same computer to connect and run ComboFix, I don't see any problems with that.  :)


ComboFix 14-01-29.01 - John 01/31/2014  18:03:17.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1779 [GMT -5:00]

Running from: c:\users\John\Desktop\ComboFix.exe

Command switches used :: c:\users\John\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\program files (x86)\RightSurf\bin\utilRightSurf.exe"

"c:\program files (x86)\RightSurf\RightSurfBHO.dll"

"c:\program files (x86)\RightSurf\updateRightSurf.exe"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\RightSurf

c:\program files (x86)\RightSurf\bin\plugins\RightSurf.BrowserFilterG.dll

c:\program files (x86)\RightSurf\bin\plugins\RightSurf.FFUpdate.dll

c:\program files (x86)\RightSurf\bin\plugins\RightSurf.IEUpdate.dll

c:\program files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll

c:\program files (x86)\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll.old.2aa68f85-9711-45f6-bff2-79a30648355a

c:\program files (x86)\RightSurf\bin\RightSurfBrowserFilter.exe

c:\program files (x86)\RightSurf\bin\sqlite3.dll

c:\program files (x86)\RightSurf\bin\utilRightSurf.exe

c:\program files (x86)\RightSurf\bin\utilRightSurf.InstallState

c:\program files (x86)\RightSurf\RightSurf.ico

c:\program files (x86)\RightSurf\RightSurfBHO.dll

c:\program files (x86)\RightSurf\RightSurfUninstall.exe

c:\program files (x86)\RightSurf\updateRightSurf.exe

c:\program files (x86)\RightSurf\updateRightSurf.InstallState

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Update RightSurf

-------\Service_Util RightSurf

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-31  )))))))))))))))))))))))))))))))

.

.

2014-01-31 23:12 . 2014-01-31 23:12 -------- d-----w- c:\users\Lauren\AppData\Local\temp

2014-01-31 23:12 . 2014-01-31 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-31 23:12 . 2014-01-31 23:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-01-28 19:57 . 2014-01-29 13:35 -------- d-----w- C:\AdwCleaner

2014-01-26 18:23 . 2014-01-27 13:29 -------- d-----w- c:\users\John\AppData\Roaming\DigitalSites

2014-01-22 00:22 . 2013-09-23 18:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys

2014-01-15 16:51 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-15 16:51 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-15 16:51 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-15 16:51 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-15 16:51 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-15 16:51 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-15 16:51 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-15 16:50 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-01-15 16:50 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-21 13:56 . 2012-04-09 13:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-21 13:56 . 2011-06-28 01:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-16 03:42 . 2010-02-06 20:11 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-14 23:25 . 2013-12-14 20:35 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-12-05 21:51 . 2010-09-07 21:31 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys

2013-12-05 21:45 . 2010-09-07 21:31 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2013-12-05 21:41 . 2010-09-07 21:31 782616 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-12-05 21:39 . 2010-09-07 21:31 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2013-12-05 21:37 . 2010-09-07 21:31 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-12-05 21:36 . 2010-09-07 21:31 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-11-27 04:18 . 2013-11-27 04:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-27 04:18 . 2013-11-27 04:18 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-27 04:18 . 2013-11-27 04:18 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-27 04:18 . 2013-11-27 04:18 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-27 04:18 . 2013-11-27 04:18 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-27 04:18 . 2013-11-27 04:18 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-27 04:18 . 2013-11-27 04:18 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-27 04:18 . 2013-11-27 04:18 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-27 04:18 . 2013-11-27 04:18 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-27 04:18 . 2013-11-27 04:18 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-27 04:18 . 2013-11-27 04:18 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-27 04:18 . 2013-11-27 04:18 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-27 04:18 . 2013-11-27 04:18 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-27 04:18 . 2013-11-27 04:18 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-27 04:18 . 2013-11-27 04:18 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-27 04:18 . 2013-11-27 04:18 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-27 04:18 . 2013-11-27 04:18 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-27 04:18 . 2013-11-27 04:18 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-27 04:18 . 2013-11-27 04:18 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-27 04:18 . 2013-11-27 04:18 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-27 04:18 . 2013-11-27 04:18 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-27 04:18 . 2013-11-27 04:18 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-27 04:18 . 2013-11-27 04:18 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-27 04:18 . 2013-11-27 04:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-27 04:18 . 2013-11-27 04:18 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-27 04:18 . 2013-11-27 04:18 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-27 04:18 . 2013-11-27 04:18 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-27 04:18 . 2013-11-27 04:18 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-27 04:18 . 2013-11-27 04:18 413696 ----a-w- c:\windows\system32\html.iec

2013-11-27 04:18 . 2013-11-27 04:18 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-27 04:18 . 2013-11-27 04:18 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-27 04:18 . 2013-11-27 04:18 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-27 04:18 . 2013-11-27 04:18 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-27 04:18 . 2013-11-27 04:18 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-27 04:18 . 2013-11-27 04:18 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-27 04:18 . 2013-11-27 04:18 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-27 04:18 . 2013-11-27 04:18 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-27 04:18 . 2013-11-27 04:18 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-27 04:18 . 2013-11-27 04:18 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-27 04:18 . 2013-11-27 04:18 235520 ----a-w- c:\windows\system32\url.dll

2013-11-27 04:18 . 2013-11-27 04:18 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-27 04:18 . 2013-11-27 04:18 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-27 04:18 . 2013-11-27 04:18 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-27 04:18 . 2013-11-27 04:18 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-27 04:18 . 2013-11-27 04:18 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-27 04:18 . 2013-11-27 04:18 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-27 04:18 . 2013-11-27 04:18 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-27 04:18 . 2013-11-27 04:18 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-27 04:18 . 2013-11-27 04:18 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-27 04:18 . 2013-11-27 04:18 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-27 04:18 . 2013-11-27 04:18 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-27 04:18 . 2013-11-27 04:18 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-27 04:18 . 2013-11-27 04:18 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-27 04:18 . 2013-11-27 04:18 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-27 04:18 . 2013-11-27 04:18 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-27 04:18 . 2013-11-27 04:18 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-27 04:18 . 2013-11-27 04:18 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-27 04:18 . 2013-11-27 04:18 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-27 04:18 . 2013-11-27 04:18 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-27 03:07 . 2013-11-27 03:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2013-11-27 03:07 . 2013-11-27 03:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2013-11-27 03:07 . 2013-11-27 03:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2013-11-26 11:54 . 2013-12-11 08:03 23183360 ----a-w- c:\windows\system32\mshtml.dll

2013-11-26 10:19 . 2013-12-11 08:03 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-26 10:18 . 2013-12-11 08:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2013-11-26 09:48 . 2013-12-11 08:03 66048 ----a-w- c:\windows\system32\iesetup.dll

2013-11-26 09:46 . 2013-12-11 08:03 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 09:41 . 2013-12-11 08:03 2764288 ----a-w- c:\windows\system32\iertutil.dll

2013-11-26 09:29 . 2013-12-11 08:03 53760 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-26 09:27 . 2013-12-11 08:03 33792 ----a-w- c:\windows\system32\iernonce.dll

2013-11-26 09:23 . 2013-12-11 08:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-11-26 09:21 . 2013-12-11 08:03 574976 ----a-w- c:\windows\system32\ieui.dll

2013-11-26 09:18 . 2013-12-11 08:03 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 09:18 . 2013-12-11 08:03 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 09:16 . 2013-12-11 08:03 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 08:57 . 2013-12-11 08:03 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2013-11-26 08:35 . 2013-12-11 08:03 5769216 ----a-w- c:\windows\system32\jscript9.dll

2013-11-26 08:28 . 2013-12-11 08:03 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16 . 2013-12-11 08:03 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-11-26 08:02 . 2013-12-11 08:03 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 07:48 . 2013-12-11 08:03 12996608 ----a-w- c:\windows\system32\ieframe.dll

2013-11-26 07:32 . 2013-12-11 08:03 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07 . 2013-12-11 08:03 2334208 ----a-w- c:\windows\system32\wininet.dll

2013-11-26 06:40 . 2013-12-11 08:03 1395200 ----a-w- c:\windows\system32\urlmon.dll

2013-11-26 06:34 . 2013-12-11 08:03 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2013-11-26 06:33 . 2013-12-11 08:03 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-23 18:26 . 2013-12-10 22:21 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-10 22:21 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-23 00:11 . 2013-11-23 00:10 7450784 ----a-w- c:\users\John\AppData\Roaming\Affixa-Setup-Full.exe

2013-11-12 02:23 . 2013-12-10 22:20 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-01-14 23:26 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-01-14 23:26 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-01-14 23:26 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]

"AffixaPersonalSettings"="c:\program files (x86)\Affixa\AffixaHandler.exe" [2013-11-17 300144]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Johnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

R2 0046191391004628mcinstcleanup;McAfee Application Installer Cleanup (0046191391004628);c:\windows\TEMP\004619~1.EXE;c:\windows\TEMP\004619~1.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]

S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]

S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-29 13:04 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:56]

.

2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 18:28]

.

2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 18:28]

.

2014-01-31 c:\windows\Tasks\{DB83A1EF-0CBB-422D-9016-6190BFCC2CA1}.job

- c:\users\Johnc\AppData\Local\88987a0c-5be7-4b22-8a7a-6e3596b383f9ad\acbebaaebfad.exe [2013-07-09 02:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-01-14 23:26 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-01-14 23:26 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-01-14 23:26 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Verizon_McciTrayApp"="\MCCITRAYAPP.EXE" [bU]

"IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [bU]

"HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [bU]

"Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [bU]

"Windows Mobile Device Center"="DOWSMOBILE\WMDC.EXE" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm




mLocal Page = c:\windows\SysWOW64\blank.htm



IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1


.

- - - - ORPHANS REMOVED - - - -

.

BHO-{88be1aa9-6740-461c-9e3e-f35eb8fa741c} - c:\program files (x86)\RightSurf\RightSurfbho.dll

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2014-01-31  18:20:45 - machine was rebooted

ComboFix-quarantined-files.txt  2014-01-31 23:20

ComboFix2.txt  2014-01-29 23:32

.

Pre-Run: 641,059,319,808 bytes free

Post-Run: 640,435,355,648 bytes free

.

- - End Of File - - 1D68EE0C5C60FE132D6DFAA04BB8F9A4

A36C5E4F47E84449FF07ED3517B43A31

Hi, still seeing these mysearchdial PUP entries, though only 3 hits. I might have missed a step with running the adware, as I posted a log but never did the 2nd part of removal? If I got this right, this mysearchdial is a hijack browser add-on? I did not use it. Here is the log. Thx again, John

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.31.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Johnc :: JOHNLAURENPC [limited]
 
2/2/2014 12:13:54 PM
MBAM-log-2014-02-02 (12-40-17).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 237740
Time elapsed: 5 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCR\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} (PUP.Optional.RightSurf.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> No action taken.
HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Hi,

 

Go ahead and run Malwarebytes again and then remove anything that is found.

---------------

 

What browser(s) are you still seeing the problems in?  

 

-----------------

 

Post the new MBAM log when complete.


Hi, here is the latest:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.31.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Johnc :: JOHNLAURENPC [limited]
 
2/2/2014 1:05:41 PM
mbam-log-2014-02-02 (13-05-41).txt
 
Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 460076
Time elapsed: 1 hour(s), 14 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCR\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} (PUP.Optional.RightSurf.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C} (PUP.Optional.RightSurf.A) -> Delete on reboot.
HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Program Files (x86)\RightSurf\RightSurfBHO.dll.vir (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\RightSurf\updateRightSurf.exe.vir (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\RightSurf\bin\utilRightSurf.exe.vir (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
 
(end)