Jump to content

Spam Virus

ConnorW

By ConnorW
in Resolved Malware Removal Logs

 Share

Recommended Posts

ConnorW

ConnorW

Posted
Posted

Hi- Upon opening my email yesterday, I discovered that someone had hijacked my e-mail address to send out spam e-mails in my name, under my account, to my LinkedIn contact list as well as all of my other contacts. The e-mail contained a link and some text about weight loss.

 

What I'd like to know is:  

 

1) How do I clear the malware/virus from my computer?

2) Are there steps I can take to prevent from happening again? 

 

I ran anti-malware and anti-virus software scans and neither one showed the threat.

 

Thanks in advance for your help with this!

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 

Link to post
Share on other sites
ConnorW

ConnorW

Posted
  • Author
Posted

As requested, I ran the scans and have pasted the logs here as well as attaching the Addition and Shortcut logs. 

 

Malwarebytes Anti-Malware

Scan Date: 1/12/2016
Scan Time: 8:27 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.13.01
Rootkit Database: v2016.01.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Denise

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352175
Time Elapsed: 28 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------------------------------------------------------------
AdWCleaner

# AdwCleaner v5.029 - Logfile created 12/01/2016 at 20:14:15
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Denise - DAVID
# Running from : C:\Users\Denise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KZ5VDAK\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\speedypc software
[-] Folder Deleted : C:\Users\Denise\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Denise\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Denise\AppData\Roaming\speedypc software
[-] Folder Deleted : C:\Users\Denise\AppData\Roaming\YourFileDownloader

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahlfahldnilidgnlikdckbfehhca
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahaeginbdcckocjkhbciadcafnep
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key Deleted : HKCU\Software\speedypc software
[-] Key Deleted : HKCU\Software\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\speedypc software
[-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
[-] Key Deleted : HKU\S-1-5-21-1446522629-2901331746-3063338447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\speedypc

software
[-] Key Deleted : HKU\S-1-5-21-1446522629-2901331746-3063338447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software

\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\8036C72171EF4ba46856BF57969F6A36
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\89BB7852687BDC34B9A81E01C7FF9173
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\8CBC85D72B148084ABE8C2F072F781F4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\A8CB937199A57E748B6AC433DA453EE2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\A97C590397DCC454AA8923563BAB10E4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\B08932C78B697C244BE7BA3E6FF09B62
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\D14A7F65792054F418578C78367D13F7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\F0390A76D28822743A68D7F1AB22E6D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\F739A19A8327dc64C9A8B641A9E89646
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\158D6D9E3FE81fa428925F22ACB3A965
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\1DB42320A8525634AA089F0BEC86473B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\22468B0D6050b2e46B9C4B67A8F59577
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\2251BF05A2F606d43BB064BD63CBD87E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\3255D95681398614190EDF0A4F3F77DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\3CDF313E9B28c944FBC7579CF4949414
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\71E54748EDD3dc1468548785DC856EDA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components

\754590DD06DE8d249B526503432F99D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask search
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted :

aaaaahaeginbdcckocjkhbciadcafnep

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6611 bytes] ##########

---------------------------------------------------------------------------------------------------------------------------

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Denise (administrator) on DAVID (12-01-2016 20:19:37)
Running from C:\Users\Denise\Desktop
Loaded Profiles: Denise (Available Profiles: Denise)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-

tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_270_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.190.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25]

(Dell, Inc.)
HKLM-x32\...\Run: [soundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe

[1134080 2015-08-21] (Bose Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09]

(Oracle Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723392 2015-12-03] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1446522629-2901331746-3063338447-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1446522629-2901331746-3063338447-1000\...\MountPoints2: {9ec7d34b-2575-11e3-bcf1-4ceb4293a8c2} - E:

\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0015-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0016-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0019-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001B-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft

Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-07]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{953EF274-7293-43BB-9404-D5B30CA48B34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D686E1DE-36AA-42E4-AE47-D2BDC9FAE19C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1446522629-2901331746-3063338447-1000\Software\Microsoft\Internet Explorer\Main,Start Page =

hxxp://xfinity.comcast.net/?cid=mtmh06262014
HKU\S-1-5-21-1446522629-2901331746-3063338447-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {4789F578-A8D6-4E2B-A05F-A0A8E079AEE5} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4789F578-A8D6-4E2B-A05F-A0A8E079AEE5} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {4789F578-A8D6-4E2B-A05F-A0A8E079AEE5} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {4789F578-A8D6-4E2B-A05F-A0A8E079AEE5} URL = hxxp://www.bing.com/search?q={searchTerms}

&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1446522629-2901331746-3063338447-1000 -> DefaultScope {4D06E187-16B0-4906-BFC5-06D75670B27D} URL =

hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20120511&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1446522629-2901331746-3063338447-1000 -> {4789F578-A8D6-4E2B-A05F-A0A8E079AEE5} URL =
SearchScopes: HKU\S-1-5-21-1446522629-2901331746-3063338447-1000 -> {4D06E187-16B0-4906-BFC5-06D75670B27D} URL =

hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20120511&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office

\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:

\PROGRA~2\Nuance\NATURA~1\Program\ieShim.dll => No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin

\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office

\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-

06-07] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin

\jp2ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011

-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-

05] (Cozi Group, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-

02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-

02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02]

(McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02]

(McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05

-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-12-03]

(McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-

12-03] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] (

Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft

Corporation)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON

INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-

11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21]

(Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-

04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft

Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft

Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11

-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11

-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-09-13] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[2015-12-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App

\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1446522629-2901331746-3063338447-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Denise\AppData\Local

\Citrix\Plugins\104\npappdetector.dll [2013-10-23] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-13] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US105D20120511&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll => No

File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No

File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions

\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Profile: C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions

\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions

\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (SiteAdvisor) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions

\fheoggkfdfchfphceeifdbepaooicaho [2015-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions

\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

[2015-04-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12

-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

[2015-12-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed

separately.)

S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.)

[File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe [1694152 2015-10-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392

2012-09-13] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed

separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2013-06-14] (support.com, Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed

separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 20:19 - 2016-01-12 20:20 - 00024477 _____ C:\Users\Denise\Desktop\FRST.txt
2016-01-12 20:19 - 2016-01-12 20:19 - 02370560 _____ (Farbar) C:\Users\Denise\Desktop\FRST64.exe
2016-01-12 20:19 - 2016-01-12 20:19 - 00000000 ___DC C:\FRST
2016-01-12 20:11 - 2016-01-12 20:14 - 00000000 ___DC C:\AdwCleaner
2016-01-10 22:35 - 2016-01-10 22:35 - 00000000 ____D C:\Users\Denise\Documents\Outlook Files
2016-01-10 15:51 - 2016-01-10 15:51 - 01473201 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Archives.pdf
2016-01-10 15:50 - 2016-01-10 15:50 - 00391650 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Scrapbook of Seven Years.pdf
2016-01-10 15:49 - 2016-01-10 15:49 - 00136120 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons -

Michael Tidemann.pdf
2016-01-10 15:48 - 2016-01-10 15:48 - 00130598 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons - Mark

Barkawitz.pdf
2016-01-10 15:48 - 2016-01-10 15:48 - 00117479 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons -

Anita Oswald.pdf
2016-01-10 15:47 - 2016-01-10 15:47 - 00121149 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons Home

Page.pdf
2016-01-10 15:46 - 2016-01-10 15:46 - 01057528 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Indie Bookstores.pdf
2016-01-10 15:45 - 2016-01-10 15:45 - 00263915 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Artists Gallery.pdf
2016-01-10 15:44 - 2016-01-10 15:44 - 00143293 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Feedback and Questions.pdf
2016-01-10 15:43 - 2016-01-10 15:43 - 00226753 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Submission Guidelines.pdf
2016-01-10 15:42 - 2016-01-10 15:42 - 00336217 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Book Reviews.pdf
2016-01-10 15:41 - 2016-01-11 19:43 - 00685444 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Writers Craft Box.pdf
2016-01-10 15:40 - 2016-01-10 15:40 - 00957322 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Our Stories - Non-

Fiction.pdf
2016-01-10 15:39 - 2016-01-10 15:39 - 00990428 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Poetry.pdf
2016-01-10 15:38 - 2016-01-10 15:38 - 01123736 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Fiction.pdf
2016-01-10 15:37 - 2016-01-10 15:37 - 00774472 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Interviews.pdf
2016-01-10 15:35 - 2016-01-10 15:35 - 00290815 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - About Us.pdf
2016-01-10 15:30 - 2016-01-10 15:30 - 00236650 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Home.pdf
2016-01-06 22:47 - 2016-01-12 06:48 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic

endpoint safety pulse
2015-12-31 12:13 - 2015-12-31 12:13 - 00791792 _____ C:\Windows\Minidump\123115-20872-01.dmp
2015-12-30 14:28 - 2015-12-30 14:28 - 00014636 _____ C:\Users\Denise\Downloads\David J.Bouchard, PMP.pdf
2015-12-30 07:23 - 2015-12-30 07:23 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Brain Workshop
2015-12-13 18:49 - 2015-12-13 18:49 - 00000000 ____D C:\Windows\System32\Tasks\McAfee

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 20:19 - 2014-10-12 20:10 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1446522629-2901331746-3063338447-

1000.job
2016-01-12 20:19 - 2013-06-24 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-01-12 20:19 - 2012-05-09 18:52 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-01-12 20:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-12 20:15 - 2014-11-14 18:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0005f55ae9614.job
2016-01-12 20:15 - 2014-11-09 21:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-12 20:15 - 2014-03-30 12:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c3fb8bbdc4c.job
2016-01-12 20:15 - 2012-05-04 06:53 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-01-12 20:15 - 2012-05-04 06:53 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-01-12 20:15 - 2012-05-04 06:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-01-12 20:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 20:14 - 2015-06-06 19:34 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1446522629-2901331746-3063338447-

1000.job
2016-01-12 20:06 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-

439d-8115-601632D005A0
2016-01-12 20:06 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-

439d-8115-601632D005A0
2016-01-12 20:00 - 2012-05-04 06:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 19:33 - 2012-08-25 16:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 18:49 - 2009-07-14 00:13 - 00006218 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 18:48 - 2012-06-08 08:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-01-11 19:43 - 2012-10-19 21:03 - 00000000 ____D C:\Users\Denise\AppData\Roaming\PrimoPDF
2016-01-11 19:37 - 2012-05-04 07:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-10 16:36 - 2014-03-10 16:07 - 00000000 ____D C:\Users\Denise\Documents\Personal Success Archive
2016-01-10 15:52 - 2015-06-26 19:29 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-01-10 13:17 - 2013-01-10 12:31 - 00000000 ____D C:\Users\Denise\Documents\Personal Reference Documents
2016-01-09 09:14 - 2015-10-28 11:53 - 00000000 ____D C:\Users\Denise\AppData\Local\CrashDumps
2016-01-03 19:54 - 2012-11-06 16:00 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Skype
2016-01-02 21:09 - 2012-05-09 18:52 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-01-02 11:01 - 2012-05-04 06:13 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 11:01 - 2012-05-04 06:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 11:01 - 2012-05-04 06:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-01 13:48 - 2012-05-09 18:52 - 00003904 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-12-31 12:13 - 2014-10-18 09:17 - 845744372 _____ C:\Windows\MEMORY.DMP
2015-12-31 12:13 - 2012-07-26 12:07 - 00000000 ____D C:\Windows\Minidump
2015-12-30 14:31 - 2014-10-06 12:52 - 00000000 ____D C:\Users\Denise\Documents\Career and Work Reference-Related Files
2015-12-30 10:37 - 2015-06-06 19:34 - 00003686 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1446522629-2901331746-

3063338447-1000
2015-12-30 10:37 - 2014-10-12 20:10 - 00003590 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1446522629-2901331746-

3063338447-1000
2015-12-30 08:49 - 2015-06-17 21:38 - 00000000 ____D C:\Users\Denise\AppData\Local\Dropbox
2015-12-30 08:30 - 2012-05-04 06:56 - 00000000 ____D C:\ProgramData\Temp
2015-12-30 08:27 - 2014-07-10 15:55 - 00000000 ___RD C:\Users\Denise\Dropbox
2015-12-30 08:27 - 2014-07-10 15:54 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Dropbox
2015-12-18 03:02 - 2015-04-06 02:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 03:02 - 2015-04-06 02:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 19:34 - 2015-02-20 11:02 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 18:56 - 2012-05-04 07:11 - 00000000 ____D C:\ProgramData\McAfee
2015-12-13 18:51 - 2012-05-04 07:11 - 00000000 ____D C:\Program Files\Common Files\mcafee

==================== Files in the root of some directories =======

2014-01-26 16:20 - 2014-04-04 15:41 - 0002315 _____ () C:\Users\Denise\AppData\Roaming\SAS7_000.DAT
2014-06-02 08:06 - 2014-06-02 08:06 - 0000000 _____ () C:\Users\Denise\AppData\Roaming\SharedSettings.ccs
2012-07-11 14:12 - 2013-09-02 13:11 - 0004608 _____ () C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-02 08:10 - 2014-06-02 08:10 - 0068782 _____ () C:\Users\Denise\AppData\Local\ervkqrou
2014-06-21 09:40 - 2014-06-21 09:40 - 0007609 _____ () C:\Users\Denise\AppData\Local\Resmon.ResmonCfg
2013-09-02 13:09 - 2013-09-02 13:09 - 0027574 _____ () C:\ProgramData\xportnchk.ini

Some files in TEMP:
====================
C:\Users\Denise\AppData\Local\Temp\3wintyxs.dll
C:\Users\Denise\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6abix3.dll
C:\Users\Denise\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Denise\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 08:50

==================== End of FRST.txt ============================

 

Addition.txt

Shortcut.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.
 

Next,

 

dr_web_cureit_zpse80d87bf.jpg
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


    drwebselect.JPG

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


    drwebfolders.JPG

  • Press start scan
  • The scan will now commence


    drwebscan.JPG

  • Once the scan has finished click open report <<<--- Do not miss this step


    drwebscancomplete.JPG

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive,  Please attach it to your next reply…

 

Next,

 

Ensure to change your passwords, not only your email account but any account, application etc that needs a password.. Have a read at the following link:

 

http://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

 

Let me see the logs in your reply, also give an update on any remaining issues or concerns.....

 

Thank you,

 

Kevin..
 

 

 

Fixlist.txt

Link to post
Share on other sites
ConnorW

ConnorW

Posted
  • Author
Posted

The log and report are attached as directed. One of my questions is about seeing a new Windows 10 pop-up every time I turn on my computer; other people the spam virus e-mail had been sent to, are also seeing this new pop-up on their computers that they hadn't seen before. Is that normal or a part of what happened? Thanks. 

Fixlog.txt

cureit.log

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

It will more than likely be a coincidence that email delivery messages seem to cause recipients the Windows 10 pop-up nag... if you look into the task scheduler there are two entries related to the nag you mention...

 

Task: {0E02CB96-2DA1-4992-A15F-670665ACAA97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

 

Task: {86B78DA4-3610-478D-9E88-4D065C200BFD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

 

Apparently those tasks were installed with this update kb3035583 have a read at the following link, it contains removal instructions.

 

http://www.howtogeek.com/218856/how-do-you-disable-the-get-windows-10-icon-shown-in-the-notification-tray/

 

Let me know if you have any remaining issues or concerns... we will close out shortly....

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  •    
  • Remove disinfection tools
       
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...  busy.gif
 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.