
Multiple Malware infections - having trouble fully cleaning



Have used a combination of Malwarebytes, Hitman Pro, Eset Online Scanner and Norton Online Scanner to remove/delete close to 200 infected files and/or registry keys (some of which are listed in the Topic Tags). Ran these a few months ago and thought I had things cleaned.

 

Today I ran ADWCleaner and came up with about 50 infections - which I haven't cleaned. After ADW, I ran Malwarebytes and Farbar Recovery Scan as suggested in the "I'm infected what do I do now" post. Malwarebytes quarantined a Yontoo PUP for me. I am copying the Farbar logs for expert review. Also included the ADWCleaner log - which I have not cleaned - after the Farbar logs.

 

Based on my review of forum topics related to these types of malware, I did not run the recommended programs in a necessarily proper order. Am hoping someone might be able to use the Farbar logs and the ADW screenshot to provide some assistance. I have the old Malwarebytes, Hitman and Eset logs I could provide if that would help.

 

Any assistance greatly appreciated   :) !

 

Sam Haber

 

 

FRST Farbar Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014

Ran by shaber (administrator) on LAPTOP on 18-05-2014 16:50:05
Running from C:\Users\shaber\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Support.com, Inc.) C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Support.com, Inc.) C:\Program Files (x86)\Office Depot PC Support Agent\escont.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dell) C:\Users\shaber\AppData\Local\Apps\2.0\OGXX1OAO.Q30\NXTQME62.O5Z\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
(Dropbox, Inc.) C:\Users\shaber\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(6337)\ShwiconX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files (x86)\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Users\shaber\AppData\Local\Temp\dlm876A.tmp\adwcleaner.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\shaber\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [Dell V310-V510 Series] => C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe [316072 2009-07-10] ()
HKLM-x32\...\Run: [shwiconXP6377] => C:\Program Files (x86)\Multimedia Card Reader(6337)\ShwiconX.exe [237568 2009-01-05] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [Google Update] => C:\Users\shaber\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-23] (Google Inc.)
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [MusicManager] => C:\Users\shaber\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [iLivid] => "C:\Users\shaber\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [DellSystemDetect] => C:\Users\shaber\AppData\Local\Apps\2.0\OGXX1OAO.Q30\NXTQME62.O5Z\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-03-02] (Dell)
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2477104216-3071022368-541353855-1001\...\MountPoints2: {b73aa86b-f9fa-11e1-b04d-a4badb9fc964} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-2477104216-3071022368-541353855-1006\...\MountPoints2: {2068c34d-15b6-11df-b92e-806e6f6e6963} - D:\ice_age_pc.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~3\Wincert\WIN32C~1.DLL => "C:\PROGRA~3\Wincert\WIN32C~1.DLL" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Alana's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\shaber\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: lmhg7:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {5ECDE222-74A1-4D08-801D-188310A29496} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US105&p={SearchTerms}
SearchScopes: HKCU - {5ECDE222-74A1-4D08-801D-188310A29496} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US105&p={SearchTerms}
SearchScopes: HKCU - {712A47CD-7C1B-4406-A8B9-097F7F546B6D} URL = 
SearchScopes: HKCU - {C7E37EC4-3211-4744-B795-4CCB32984834} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\shaber\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\shaber\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\shaber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-07-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-05-13]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-13]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.com/"
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\shaber\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\shaber\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\shaber\AppData\Local\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\shaber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\shaber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (SiteAdvisor) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-12-12]
CHR Extension: (Skype Click to Call) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-11-08]
CHR Extension: (Google Wallet) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\shaber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR StartMenuInternet: Google Chrome - C:\Users\shaber\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 0016741400295544mcinstcleanup; C:\Windows\TEMP\001674~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
R2 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [602792 2009-07-01] ( )
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-03] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [641352 2014-02-21] (Apple Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Office Depot PC Support Agent; C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe [1005144 2014-01-22] (Support.com, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-18] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S2 MCSTRM; No ImagePath
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [93872 2009-08-05] (Sunbelt Software)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 16:50 - 2014-05-18 16:51 - 00035479 _____ () C:\Users\shaber\Downloads\FRST.txt
2014-05-18 16:49 - 2014-05-18 16:50 - 00000000 ____D () C:\FRST
2014-05-18 16:47 - 2014-05-18 16:48 - 02067456 _____ (Farbar) C:\Users\shaber\Downloads\FRST64.exe
2014-05-18 16:43 - 2014-05-18 16:43 - 00001249 _____ () C:\Users\shaber\Documents\mbam 5-18-14.txt
2014-05-18 10:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-18 10:35 - 2014-05-18 10:38 - 00000000 ____D () C:\AdwCleaner
2014-05-18 10:33 - 2014-05-18 10:33 - 00929416 _____ (CNET Download.com) C:\Users\shaber\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
2014-05-17 15:42 - 2014-05-17 15:42 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\SUPERAntiSpyware.com
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-17 15:39 - 2014-05-17 15:40 - 19166520 _____ (SUPERAntiSpyware) C:\Users\shaber\Downloads\SUPERAntiSpyware.exe
2014-05-15 22:21 - 2014-05-15 22:21 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\DropboxMaster
2014-05-15 22:21 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 22:20 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 22:20 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 22:20 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 22:20 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 22:20 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 22:20 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 22:20 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 22:20 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 22:20 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 22:20 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 22:20 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 22:20 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 22:20 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 22:20 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 22:20 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 22:20 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 22:20 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 22:20 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 22:20 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 22:20 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 22:20 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 22:20 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 22:20 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 03:12 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:12 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:12 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:12 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:12 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:12 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:56 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:56 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:56 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:56 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-09 21:58 - 2014-05-18 16:38 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e.job
2014-05-09 21:58 - 2014-05-17 22:03 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae5744.job
2014-05-09 21:58 - 2014-05-09 21:58 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e
2014-05-09 21:58 - 2014-05-09 21:58 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae5744
2014-05-06 03:01 - 2014-05-15 03:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieUserList
2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieSiteList
2014-04-27 08:31 - 2014-04-27 08:31 - 00000219 _____ () C:\Users\shaber\Desktop\Team Fortress 2.url
2014-04-22 21:13 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-20 22:59 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-20 22:59 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 22:59 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 22:59 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 22:59 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 22:59 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 22:59 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 22:59 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 22:59 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 22:59 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 22:59 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 22:59 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 22:59 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 22:59 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 22:59 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 22:59 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 22:59 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 22:59 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 22:59 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 22:59 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 22:59 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 22:59 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 22:59 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 22:59 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 22:59 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 22:59 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 22:59 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 22:59 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 22:59 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 22:59 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 22:59 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 22:59 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 22:59 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 22:59 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 22:59 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 22:59 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 22:59 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 22:59 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 22:59 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 22:59 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 22:58 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 22:58 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 22:58 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 22:58 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 18:31 - 2014-04-20 18:01 - 00007142 _____ () C:\Users\shaber\ipconfig.all.txt
 
==================== One Month Modified Files and Folders =======
 
2014-05-18 16:51 - 2014-05-18 16:50 - 00035479 _____ () C:\Users\shaber\Downloads\FRST.txt
2014-05-18 16:51 - 2014-03-02 19:46 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-18 16:50 - 2014-05-18 16:49 - 00000000 ____D () C:\FRST
2014-05-18 16:48 - 2014-05-18 16:47 - 02067456 _____ (Farbar) C:\Users\shaber\Downloads\FRST64.exe
2014-05-18 16:47 - 2013-05-13 18:09 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-05-18 16:47 - 2013-05-13 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-18 16:43 - 2014-05-18 16:43 - 00001249 _____ () C:\Users\shaber\Documents\mbam 5-18-14.txt
2014-05-18 16:38 - 2014-05-09 21:58 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e.job
2014-05-18 16:38 - 2009-07-14 01:10 - 01530584 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 12:54 - 2014-04-05 18:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 12:10 - 2012-09-20 20:01 - 00089088 ___SH () C:\Users\shaber\Documents\Thumbs.db
2014-05-18 10:38 - 2014-05-18 10:35 - 00000000 ____D () C:\AdwCleaner
2014-05-18 10:33 - 2014-05-18 10:33 - 00929416 _____ (CNET Download.com) C:\Users\shaber\Downloads\cbsidlm-cbsi188-AdwCleaner-SEO-75851221.exe
2014-05-18 00:48 - 2010-03-24 22:30 - 00149899 _____ () C:\ProgramData\dlea.log
2014-05-18 00:47 - 2014-03-02 22:05 - 00000000 ____D () C:\ProgramData\Norton
2014-05-18 00:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-18 00:18 - 2010-11-16 22:33 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C423BC85-4ABA-45D3-93BE-2C22D1DA1204}
2014-05-17 22:03 - 2014-05-09 21:58 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae5744.job
2014-05-17 22:00 - 2014-03-22 16:49 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\QuickScan
2014-05-17 15:42 - 2014-05-17 15:42 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\SUPERAntiSpyware.com
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-17 15:42 - 2014-05-17 15:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-17 15:40 - 2014-05-17 15:39 - 19166520 _____ (SUPERAntiSpyware) C:\Users\shaber\Downloads\SUPERAntiSpyware.exe
2014-05-16 23:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 22:58 - 2012-12-12 20:08 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-16 22:49 - 2013-06-20 21:47 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\Dropbox
2014-05-15 22:53 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 22:53 - 2009-07-14 00:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 22:48 - 2013-06-20 21:51 - 00000000 ___RD () C:\Users\shaber\Dropbox
2014-05-15 22:48 - 2013-05-13 18:08 - 00000000 __RSD () C:\Users\shaber\Documents\McAfee Vaults
2014-05-15 22:46 - 2010-03-24 21:22 - 00158283 _____ () C:\ProgramData\dleascan.log
2014-05-15 22:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 22:43 - 2013-04-09 21:45 - 00017887 _____ () C:\Windows\setupact.log
2014-05-15 22:21 - 2014-05-15 22:21 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\DropboxMaster
2014-05-15 22:21 - 2013-06-20 21:51 - 00001022 _____ () C:\Users\shaber\Desktop\Dropbox.lnk
2014-05-15 22:21 - 2013-06-20 21:48 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 22:21 - 2010-02-16 23:35 - 00000000 ___RD () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 21:48 - 2011-06-15 16:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 19:44 - 2010-02-16 23:39 - 00000000 ___RD () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:31 - 2010-02-09 16:03 - 01159958 _____ () C:\Windows\PFRO.log
2014-05-15 03:30 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:12 - 2010-02-09 14:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:11 - 2013-07-19 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:07 - 2010-03-06 07:41 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:42 - 2012-03-22 18:13 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-05-13 20:21 - 2013-12-23 11:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-11 16:37 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\Office Depot PC Support Agent
2014-05-09 21:58 - 2014-05-09 21:58 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001UA1cf6bf34c202d8e
2014-05-09 21:58 - 2014-05-09 21:58 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477104216-3071022368-541353855-1001Core1cf6bf34bae5744
2014-05-09 02:14 - 2014-05-14 19:56 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 19:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 00:40 - 2014-05-15 03:12 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-15 03:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-15 03:12 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-15 03:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-15 03:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 03:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieUserList
2014-04-27 17:37 - 2014-04-27 17:37 - 00000000 __SHD () C:\Users\shaber\AppData\Local\EmieSiteList
2014-04-27 08:31 - 2014-04-27 08:31 - 00000219 _____ () C:\Users\shaber\Desktop\Team Fortress 2.url
2014-04-27 08:31 - 2013-12-23 11:21 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-24 17:31 - 2012-10-08 08:03 - 00000000 ____D () C:\Users\shaber\AppData\Roaming\.minecraft
2014-04-22 12:19 - 2013-02-24 20:45 - 00000000 ____D () C:\Users\shaber\Documents\Jake
2014-04-21 12:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 22:47 - 2013-10-08 20:04 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-20 18:31 - 2010-02-16 23:35 - 00000000 ____D () C:\Users\shaber
2014-04-20 18:01 - 2014-04-20 18:31 - 00007142 _____ () C:\Users\shaber\ipconfig.all.txt
2014-04-20 14:42 - 2010-05-05 03:34 - 00000000 ____D () C:\Users\shaber\Documents\Jackie
2014-04-19 09:26 - 2013-12-31 21:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-19 09:08 - 2009-07-14 01:13 - 00831090 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\shaber\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppxkmhz.dll
C:\Users\shaber\AppData\Local\Temp\Quarantine.exe
C:\Users\shaber\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_10225.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-15 22:20] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-15 04:01
 
==================== End Of Log ============================
 
 
 
 

Welcome to the forum.

Please create a new system restore point before continuing and also....

Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

Close the tool out when it's done....we'll use it later.

-------------------------------------------

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

If you're using Malwarebytes 2.0, please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found...post the log

Last........

Rescan with FRST.exe (please make sure the Addition Box is checked)

Post or attach the logs.

MrC

     

Mr. C.

I assume the system restore point would be anytime PRIOR to the infections. If so, does it matter if it was immediately prior, or would I want to create a restore point well prior to the infections (6 months or a year before, for instance)?

Sam


One additional question. On the ADW cleaner, I mentioned in my initial post I had installed it a few days ago and run a scan picking up 50 or so infected files and keys but had not taken any action on them, either quarantine or deletion.

Just to confirm, I should not take any action on the infected files/keys, close and uninstall ADW and then reinstall and run as administrator?

Sam


Mr. C.

I created a restore point yesterday evening. Does it matter that it was only for the C: drive (system) and did not include the Recovery drive? The protection system was only turned on for the System drive (c:) not the Recovery drive. I then ran delfix and saved the log.

This afternoon I ran the scans you listed after running Delfix.

Attached are the following:

ADW Cleaner Log:

I ran it again after downloading delfix. Could you look at the one item listed under Chrome? There was no box to check to select the item in question for cleaning (if it is something that can or should be cleaned) but ADW did notify me that I was closing the program without taking any action, which suggests there might have been an action to take if perhaps I highlighted the item and selected clean...? Do you know what the item is and/or does it look fishy?

AdwCleanerR1.txt

Junkware Removal Tool Log (JRT.txt)

JRT.txt

Malwarebytes 2.0 Log (Nothing found)

mbam 5-20-14.txt

Farbar Log with Addition Box checked

FRST_20-05-2014_16-15-39.txt

Addition.txt

Please advise on next steps.

Sam


AdwCleaner log is clean.

 

------------------------

Do you know what this Proxy is in Internet Explorer....did you set it:

ProxyServer: lmhg7:80

----------------------------------

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

-------------------------------------

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

-----------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


When you say run FRST.exe, you mean run a scan by clicking the SCAN button once the program is open (as opposed to just clicking RUN when the dialog box to open the program pops up after clicking on the FRST icon), let the scan finish AND THEN click the FIX button once and wait for FIXlog.txt to be created in the FRST folder? Or did you mean click the FIX button once, without running a scan?

 

I did the latter (not running another scan) and Farbar told me the FIXlog.txt should already be in the folder. I checked the folder and it was the FIXlog.txt attachment you had sent me in your last post...not a new FIXlog.txt.

 

Sam


Mr. C,

 

lhmg7 is the name of my Verizon home wi-fi network. Not sure what the ":80" after the lhmg7 is though.

 

The reason I have thought I have had malware for a while is the intermittent difficulties connecting to the internet. Chrome browser is always hung-up telling me "trying to resolve proxy", "waiting for response from www..." or I get error messages like DNS Probe failed, or no data sent.

 

Also, in the lower right of the laptop screen there are always four or five bars showing in the internet connection icon and it says I am connected, but sometimes I get "you are connected but internet not available, or unidentified changes made at gateway/access point."

 

Sam

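An added example, not part of the original thread and not FRST's own code: a read-only PowerShell check of the registry values behind the `ProxyServer: lmhg7:80` line discussed above, where the number after the colon is the proxy's TCP port. `Split-ProxyServer` is a hypothetical helper name, and the script only reads settings.

```powershell
# Added example (not from the thread): read-only look at the per-user proxy
# settings that Internet Explorer and Chrome share on Windows.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

function Split-ProxyServer {            # hypothetical helper name
    param([string]$Value)
    # ProxyServer is either "host:port" for every protocol or a per-protocol
    # list such as "http=host:port;https=host:port".
    foreach ($entry in ($Value -split ';' | Where-Object { $_ })) {
        if ($entry -match '=') { $scheme, $endpoint = $entry -split '=', 2 }
        else                   { $scheme, $endpoint = 'all', $entry }
        $endpoint = $endpoint -replace '^\w+://', ''    # optional scheme prefix
        $name, $port = $endpoint -split ':', 2          # IPv6 literals not handled
        New-Object PSObject -Property @{ Scheme = $scheme; Host = $name; Port = $port }
    }
}

"ProxyEnable   : $($inet.ProxyEnable)   (1 = ProxyServer is in use)"
"ProxyServer   : $($inet.ProxyServer)"
"ProxyOverride : $($inet.ProxyOverride)"
"AutoConfigURL : $($inet.AutoConfigURL)"

if ($inet.ProxyServer) {
    foreach ($p in (Split-ProxyServer $inet.ProxyServer)) {
        $addrs = @()
        try   { $addrs = @([System.Net.Dns]::GetHostAddresses($p.Host)) }
        catch { }                                       # name does not resolve
        $local = @($addrs | Where-Object { [System.Net.IPAddress]::IsLoopback($_) }).Count -gt 0
        '{0}: host={1} port={2} resolves={3} loopback={4}' -f `
            $p.Scheme, $p.Host, $p.Port, ($addrs.Count -gt 0), $local
    }
}

# WinHTTP (used by many services) keeps its own machine-wide proxy setting.
netsh winhttp show proxy
```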

From your log it looks like FRST64.exe is located in your download folder:

C:\Users\shaber\Downloads\FRST64.exe

 

Download the attached fixlist.txt to the same folder

Now,,,,,,,

Open up FRST64.exe by double clicking on it.....so it looks like this:

http://www.majorgeeks.com/index.php?ct=files&action=file&id=4921

Now click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


Good.....

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Charlie,

 

Below is the Security Check Log I just ran.

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spy Masters Unmask the Prankster 
 JavaFX 2.1.1    
 Java 7 Update 45  
 Java version out of Date! 
  Adobe Flash Player 11.6.602.168 Flash Player out of Date!  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
 
 
Sam

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~

JavaFX 2.1.1 <-----please uninstall from add/remove programs

Java 7 Update 45 <----please update, should be Update 55


Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Flash Player 11.6.602.168 Flash Player out of Date!
Flash Player:
Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)

~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Reader 10.1.10 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


Charlie,

 

Thanks again for all the assistance. Any remaining disinfection folders that Delfix didn't remove I was able to manually delete.

 

Two last questions...

 

Just to confirm, real-time anti-virus and real-time, paid version of Malware Bytes ARE compatible? And if so, Microsoft Security Essentials is considered anti-virus and not malware protection?

 

And finally, my internet accessibility - on my laptop only! - still seems glitchy or slow from time to time. Or I show as connected to the network but there is no internet access.

 

I ran the Microsoft Connectivity diagnostics tool and it showed the laptop wireless adapter was fine and the network configuration appeared to be ok. There was just no internet access. The MS diagnostics tool indicated that the McAfee firewall might be preventing internet access and in the past Chrome has prompted me to remove it from the firewall and then add it back in again as an allowed program.

 

If I try that and I end up getting rid of McAfee, and I still have access glitches and hang-ups (frequently enough to be annoying) do you think it could possibly be a Winsock corruption issue from the malware? I don't have this problem with other devices so I don't think it is an issue of the signal range from the router.

 

I am attaching two screen shots of error messages I received relating to my connectivity. I know you can't really diagnose the problem, but do the two attached messages seem a little unusual to you?

 


 

Also attached is an Office Depot utility that I run that frequently identifies settings that are not optimal with some of my Windows Services. Usually when I have the utility "repair" the settings to "Optimal" my connectivity issues improve. Then, when I run the scan maybe a week later the utility will show the setting as not optimal again.

 

Do you think it unusual that some of the settings that are being changed by the utility to optimal are apparently "reverting" or being changed back to not optimal designations a week or so later? Some of the programs and services the utility identifies as not at an optimal setting sound pretty important.

 


 

Sam

 

 

 


Just to confirm, real-time anti-virus and real-time, paid version of Malware Bytes ARE compatible?
Yes they are

And if so, Microsoft Security Essentials is considered anti-virus and not malware protection?
It's an anti-virus and also will protect you from malware and adware




If I try that and I end up getting rid of McAfee, and I still have access glitches and hang-ups (frequently enough to be annoying) do you think it could be possibly be a Winsock corruption issue from the malware?
No, it would have shown in the logs.

I don't have this problem with other devices so I don't think it is an issue of the signal range from the router.
There's nothing wrong with the Windows Firewall


I'm not a wiz on connection problems, I can send you to a tech forum if needed.

MrC


This topic is now closed to further replies.