Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

In Need of Help


  • Please log in to reply
16 replies to this topic

#1 SCaruso

SCaruso

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 26 May 2013 - 06:47 AM

Hello,

   Hoping you can help me.  My son's has a laptop which operates on Windows 7.  It has McAfee as it's protection software.  A few days ago he noticed the following:

 

1.  Could not use or open any programs.  Only Explorer would open and function.  When he tried using a program like Word or Excel he would get a Windows message that said 

 

2.  When attempting to download any type of file to his laptop he would receive a message from Windows Security that the file he was attempting

     to download was corrupted and contained a virus.

 

3.  The McAfee Firewall would turn off from time to time for no apparent reason.  He could turn it back on but it would turn off by itself at 

      infrequent intervals.

 

   Yesterday he told me of this problem and I did the following:

 

1.  When I turned the Firewall back on in Mac Afee it indicated a Trojan was detected.  It said it was Sefnit-FCCF!97BA1C6767EA.  Quarantined From: C:\USERS/USER\APPDATA\LOCAL\SONIC\FPQEQESG.DLL.  It said to Restart so it could fix it.  I Restarted and the computer rebooted fine.

 

2.  I ran a full scan with McAfee.  It did not turn up anything.

 

3.  I opened up Explorer and tried downloading a file.  What looked like a Microsoft Security message came up indicating the file contained a virus and was deleted.  There was  a "Learn More" link after the message.  When I opened the link it brought me to a page on Windows Microsoft's site (http://windows.microsoft.com/en-US/windows-8/help-protect-yourself-ie-10?ocid=IE10_protect_viruses#firstTabControl=tab1).  To me this page looked like an add for Explorer 10.

 

4.  I went into the Control Panel, System & Security, and Action Center.  Under Security it showed Windows Security Center was turned off.  I tried turning it on and it would not respond.  Also could not use the Back Up or Fix Other Problem links as they did not respond.

 

    Since nothing except his Explorer browser seems to be working I am suspecting some type of malware or virus.  Since downloading is blocked by this issue I cannot download any other tools that might assist.  I am going to try and back up his important data to an external device.  Can you let me know if you can help or do I need to take this to someone for a deeper dive?

 

Regards,

 

Steve



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:00 AM

Posted 26 May 2013 - 01:22 PM

I'll report this topic to appropriate helpers.

Hold on there....


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 26 May 2013 - 01:47 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 SCaruso

SCaruso
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 26 May 2013 - 03:17 PM

Ran the FRST64 scan.  Here is the log that resulted:

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 04
Ran by SYSTEM on 26-05-2013 16:11:51
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1926928 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-15] (IDT, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\runonceex: [ContentMerger] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-20] (Google Inc.)
HKU\user\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-16] (Google Inc.)
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\user\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\user\...\Run: [Softland] rundll32 "C:\Users\user\AppData\Local\uTorrent\Softland\rlqyn.dll",DllRegisterServer [315904 2013-05-22] (Adobe Systems Incorporated)
HKU\user\...\Run: [Sonic] rundll32.exe C:\Users\user\AppData\Local\Sonic\fpqeqesg.dll,rlxcisnwce [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-03-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-03-01] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-12-26] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 Mp3Tube Toolbar Service; C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe [227840 2011-04-29] (Mp3Tube)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\STacSV64.exe [240128 2009-07-15] (IDT, Inc.)
S2 SessionLauncher; C:\Users\user\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-04-22] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-01] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-04-12] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-04-12] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-04-12] (LG Electronics Inc.)
S3 mfeavfk01; No ImagePath
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-26 16:11 - 2013-05-26 16:11 - 00000000 ____D C:\FRST
2013-05-22 09:49 - 2013-05-26 03:14 - 00000000 ____D C:\Users\user\AppData\Local\Sonic
2013-05-17 10:53 - 2013-05-17 11:05 - 00000000 ____D C:\ProgramData\7E184085D76CAA6000007E17C272AEFA
2013-05-16 08:45 - 2013-04-22 11:46 - 00074560 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2013-05-16 07:19 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 07:19 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 07:19 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 07:19 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 07:19 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 07:19 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 07:19 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 07:19 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 07:19 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 07:19 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 07:19 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 07:19 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 14:46 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 14:46 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 14:46 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 14:46 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 14:46 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 14:46 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 14:46 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 14:46 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 14:46 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 14:46 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 14:46 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 14:44 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 14:44 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 14:44 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-06 11:56 - 2013-05-06 11:56 - 00026956 ____A C:\Users\user\Documents\9caruso5.5.xlsx
2013-05-02 11:17 - 2013-05-02 11:17 - 01632218 ____A C:\Users\user\Documents\St Windsor PPT.pptx
2013-05-01 15:41 - 2013-05-01 15:41 - 00009069 ____A C:\Users\user\Documents\ene security.xlsx
2013-05-01 15:18 - 2013-05-01 15:18 - 02812834 ____A C:\Users\user\Documents\St Windsor PPT (2).pptx
2013-04-29 12:11 - 2013-04-29 12:11 - 00026914 ____A C:\Users\user\Documents\9caruso4.28.xlsx
2013-04-26 09:49 - 2013-04-30 13:12 - 00013621 ____A C:\Users\user\Documents\ENE rsmeans data.xlsx

==================== One Month Modified Files and Folders =======

2013-05-26 16:11 - 2013-05-26 16:11 - 00000000 ____D C:\FRST
2013-05-26 11:56 - 2011-06-08 09:06 - 01717849 ____A C:\Windows\WindowsUpdate.log
2013-05-26 11:55 - 2013-01-22 12:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 11:55 - 2012-05-22 09:22 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000UA.job
2013-05-26 11:55 - 2011-11-15 18:16 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000UA.job
2013-05-26 11:55 - 2011-06-20 07:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-26 07:24 - 2011-11-15 18:15 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000Core.job
2013-05-26 06:55 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-26 06:55 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-26 06:52 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 06:50 - 2012-08-09 17:38 - 00000000 __RSD C:\Users\user\Documents\McAfee Vaults
2013-05-26 06:48 - 2011-06-20 07:13 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-26 06:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 06:48 - 2009-07-13 20:51 - 00072283 ____A C:\Windows\setupact.log
2013-05-26 03:14 - 2013-05-22 09:49 - 00000000 ____D C:\Users\user\AppData\Local\Sonic
2013-05-26 03:14 - 2011-06-20 10:19 - 00000000 ____D C:\Users\user\AppData\Roaming\SoftGrid Client
2013-05-25 16:42 - 2012-07-05 14:06 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-05-25 16:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-24 19:06 - 2012-05-22 09:22 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000Core.job
2013-05-22 17:00 - 2012-05-22 10:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-05-22 16:59 - 2013-01-01 11:09 - 00000000 ____D C:\Program Files\PeerBlock
2013-05-22 16:58 - 2011-06-21 07:27 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-05-22 09:48 - 2011-08-23 17:00 - 00000000 ____D C:\Users\user\AppData\Local\uTorrent
2013-05-17 12:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 11:05 - 2013-05-17 10:53 - 00000000 ____D C:\ProgramData\7E184085D76CAA6000007E17C272AEFA
2013-05-17 11:05 - 2011-06-08 09:35 - 00091990 ____A C:\Windows\PFRO.log
2013-05-16 19:20 - 2009-07-13 20:45 - 00316728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 07:34 - 2012-10-22 12:11 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 16:14 - 2012-07-05 14:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 16:14 - 2011-06-20 07:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-06 11:56 - 2013-05-06 11:56 - 00026956 ____A C:\Users\user\Documents\9caruso5.5.xlsx
2013-05-02 11:17 - 2013-05-02 11:17 - 01632218 ____A C:\Users\user\Documents\St Windsor PPT.pptx
2013-05-01 15:41 - 2013-05-01 15:41 - 00009069 ____A C:\Users\user\Documents\ene security.xlsx
2013-05-01 15:18 - 2013-05-01 15:18 - 02812834 ____A C:\Users\user\Documents\St Windsor PPT (2).pptx
2013-04-30 19:55 - 2012-08-09 17:37 - 00000000 ____D C:\Program Files\McAfee
2013-04-30 13:12 - 2013-04-26 09:49 - 00013621 ____A C:\Users\user\Documents\ENE rsmeans data.xlsx
2013-04-29 12:11 - 2013-04-29 12:11 - 00026914 ____A C:\Users\user\Documents\9caruso4.28.xlsx

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAcces. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-25 07:37:55

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 6132.51 MB
Available physical RAM: 5175.91 MB
Total Pagefile: 6130.66 MB
Available Pagefile: 5171.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.4 GB) (Free:22.56 GB) NTFS (Disk=0 Partition=3)
Drive f: () (Removable) (Total:0.94 GB) (Free:0.79 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.3 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4078C995)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7A580300)

========================================================
Disk: 2 (Size: 961 MB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=-440245157888) - (Type=00)

Last Boot: 2013-05-25 07:30

==================== End Of Log ============================

 

 

 

Regards,

 

Steve



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 26 May 2013 - 05:01 PM

Download the enclosed file. [attachment=138040:fixlist.txt]

Save it next to FRST64.

Run FRST64 as you did before, except that this time around click on the fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 SCaruso

SCaruso
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 26 May 2013 - 05:39 PM

Here is the log after downloading the fixlist.txt file and running FRST64 + Fix:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-05-2013 04
Ran by SYSTEM at 2013-05-26 18:36:28 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Run\\Softland => Value deleted successfully.
HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Run\\Sonic => Value deleted successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.

==== End of Fixlog ====

 

 

 

 

Regards,

 

Steve



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 26 May 2013 - 06:38 PM

Are you able to run FRST in Normal Mode. If you do, also run the fix.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 SCaruso

SCaruso
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 26 May 2013 - 06:58 PM

I was able to run FRST64 in Normal mode.  Here is the resultant log:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-05-2013 04
Ran by user at 2013-05-26 19:54:19 Run:2
Running from E:\
Boot Mode: Normal
==============================================

HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Run\\Softland => Value not found.
HKEY_USERS\user\Software\Microsoft\Windows\CurrentVersion\Run\\Sonic => Value not found.
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.

==== End of Fixlog ====

 

 

 

Regards,

 

Steve



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 26 May 2013 - 07:02 PM

Please re-scan with FRST64 in Normal mode and post the new FRST.txt. Is there an improvement?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 SCaruso

SCaruso
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 26 May 2013 - 07:17 PM

Ran scan in Normal mode.  Everything seems to be working fine again.  Do you want to see the new FRST.txt log?



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 26 May 2013 - 07:57 PM

Yes. And we should scan the computer. ZeroAccess never travels alone.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    2012081517h0349.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Run adwCleaner.

    Download AdwCleaner from here to your desktop
    Run AdwCleaner and select Delete

    AdwCleaner.GIF

    Once done it will ask to reboot, allow this
    On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

    bf_new.gif Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

    Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.



No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 SCaruso

SCaruso
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 26 May 2013 - 09:00 PM

Here is the new FRST.txt log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 04
Ran by user (administrator) on 26-05-2013 20:07:48
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\system32\dleacoms.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Mp3Tube) C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\McAPExe.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mp3Tube) C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
() Q:\140061.enu\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Farbar) E:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1926928 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-16] (IDT, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\runonceex: [ContentMerger] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-20] (Google Inc.)
HKCU\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-16] (Google Inc.)
HKCU\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\runonceex: [ContentMerger] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-483901833-212024964-3650181290-1000\$45c418cf591c32f2b48fb1c9ca0cc3ce\n. ATTENTION! ====> ZeroAccess
MountPoints2: {37ec91e9-778e-11e2-b8f5-0026b9db77a9} - E:\HPLauncher.exe
MountPoints2: {3be5e2c8-d8e6-11e1-b5e5-0026b9db77a9} - E:\TL_Bootstrap.exe
MountPoints2: {3be5e2df-d8e6-11e1-b5e5-0026b9db77a9} - E:\TL_Bootstrap.exe
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {85A0A6B1-FC38-4FFA-BBFC-1D122B55A51D} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=6a06a98c2ed640b2b0675e6d1ecf2064
SearchScopes: HKCU - {8BB08399-3672-4ACB-A6A8-D3B3113B1814} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Mp3Tube Toolbar - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
PDF: HKLM-x32 {03A89EFD-E023-A200-A22D-45F77558EB4C} https://ilinc.unh.edu/download/AXCltInstall.dll
PDF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
PDF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.unh.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.159.64.23 24.247.24.53

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nngnp7d8.default
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://search.yahoo.com/firefox/?fr=yff40-sfp
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Conduit Engine  - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nngnp7d8.default\Extensions\engine@conduit.com
FF Extension: Yahoo! Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nngnp7d8.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: uTorrentBar Community Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nngnp7d8.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF Extension: jietjagbqa - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nngnp7d8.default\Extensions\jietjagbqa@jietjagbqa.org.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (uTorrentBar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.19.11_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-03-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-03-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-12-26] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 Mp3Tube Toolbar Service; C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe [227840 2011-04-29] (Mp3Tube)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_fd9b60625db011f9\STacSV64.exe [240128 2009-07-16] (IDT, Inc.)
S2 SessionLauncher; C:\Users\user\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-04-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-04-13] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-04-13] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-04-13] (LG Electronics Inc.)
U3 mfeavfk01; No ImagePath
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-26 20:11 - 2013-05-26 19:54 - 00000000 ____D C:\FRST
2013-05-22 13:49 - 2013-05-26 07:14 - 00000000 ____D C:\Users\user\AppData\Local\Sonic
2013-05-17 14:53 - 2013-05-17 15:05 - 00000000 ____D C:\ProgramData\7E184085D76CAA6000007E17C272AEFA
2013-05-16 12:45 - 2013-04-22 15:46 - 00074560 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2013-05-16 11:19 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 11:19 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 11:19 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 11:19 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 11:19 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 11:19 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 11:19 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 11:19 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 11:19 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 11:19 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 11:19 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 11:19 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 18:46 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 18:46 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 18:46 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 18:46 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 18:46 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 18:46 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 18:46 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 18:46 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 18:46 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 18:46 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 18:46 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 18:44 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 18:44 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 18:44 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-06 15:56 - 2013-05-06 15:56 - 00026956 ____A C:\Users\user\Documents\9caruso5.5.xlsx
2013-05-02 15:17 - 2013-05-02 15:17 - 01632218 ____A C:\Users\user\Documents\St Windsor PPT.pptx
2013-05-01 19:41 - 2013-05-01 19:41 - 00009069 ____A C:\Users\user\Documents\ene security.xlsx
2013-05-01 19:18 - 2013-05-01 19:18 - 02812834 ____A C:\Users\user\Documents\St Windsor PPT (2).pptx
2013-04-29 16:11 - 2013-04-29 16:11 - 00026914 ____A C:\Users\user\Documents\9caruso4.28.xlsx
2013-04-26 13:49 - 2013-04-30 17:12 - 00013621 ____A C:\Users\user\Documents\ENE rsmeans data.xlsx
2013-04-26 00:51 - 2013-04-26 00:51 - 690703066 ____A C:\Windows\MEMORY.DMP

==================== One Month Modified Files and Folders =======

2013-05-26 20:08 - 2012-08-09 21:38 - 00000000 __RSD C:\Users\user\Documents\McAfee Vaults
2013-05-26 20:07 - 2012-05-22 14:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-05-26 20:06 - 2011-06-20 11:13 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-26 20:06 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 20:06 - 2009-07-14 00:51 - 00073191 ____A C:\Windows\setupact.log
2013-05-26 20:00 - 2011-06-20 14:19 - 00000000 ____D C:\Users\user\AppData\Roaming\SoftGrid Client
2013-05-26 20:00 - 2011-06-08 13:06 - 01722239 ____A C:\Windows\WindowsUpdate.log
2013-05-26 19:56 - 2009-07-14 01:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 19:56 - 2009-07-14 00:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-26 19:56 - 2009-07-14 00:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-26 19:54 - 2013-05-26 20:11 - 00000000 ____D C:\FRST
2013-05-26 19:48 - 2011-11-15 22:16 - 00002358 ____A C:\Users\user\Desktop\Google Chrome.lnk
2013-05-26 19:47 - 2009-07-14 01:08 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-26 15:55 - 2013-01-22 16:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 15:55 - 2012-05-22 13:22 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000UA.job
2013-05-26 15:55 - 2011-11-15 22:16 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000UA.job
2013-05-26 15:55 - 2011-06-20 11:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-26 11:24 - 2011-11-15 22:15 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000Core.job
2013-05-26 07:14 - 2013-05-22 13:49 - 00000000 ____D C:\Users\user\AppData\Local\Sonic
2013-05-25 20:42 - 2012-07-05 18:06 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-05-25 20:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-24 23:06 - 2012-05-22 13:22 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-483901833-212024964-3650181290-1000Core.job
2013-05-22 20:59 - 2013-01-01 15:09 - 00000000 ____D C:\Program Files\PeerBlock
2013-05-22 20:58 - 2011-06-21 11:27 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-05-22 13:48 - 2011-08-23 21:00 - 00000000 ____D C:\Users\user\AppData\Local\uTorrent
2013-05-17 16:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 15:05 - 2013-05-17 14:53 - 00000000 ____D C:\ProgramData\7E184085D76CAA6000007E17C272AEFA
2013-05-17 15:05 - 2011-06-08 13:35 - 00091990 ____A C:\Windows\PFRO.log
2013-05-16 23:20 - 2009-07-14 00:45 - 00316728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 11:34 - 2012-10-22 16:11 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 20:14 - 2012-07-05 18:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 20:14 - 2011-06-20 11:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-06 15:56 - 2013-05-06 15:56 - 00026956 ____A C:\Users\user\Documents\9caruso5.5.xlsx
2013-05-02 15:17 - 2013-05-02 15:17 - 01632218 ____A C:\Users\user\Documents\St Windsor PPT.pptx
2013-05-01 19:41 - 2013-05-01 19:41 - 00009069 ____A C:\Users\user\Documents\ene security.xlsx
2013-05-01 19:18 - 2013-05-01 19:18 - 02812834 ____A C:\Users\user\Documents\St Windsor PPT (2).pptx
2013-04-30 23:55 - 2012-08-09 21:37 - 00000000 ____D C:\Program Files\McAfee
2013-04-30 17:12 - 2013-04-26 13:49 - 00013621 ____A C:\Users\user\Documents\ENE rsmeans data.xlsx
2013-04-29 16:11 - 2013-04-29 16:11 - 00026914 ____A C:\Users\user\Documents\9caruso4.28.xlsx
2013-04-26 00:51 - 2013-04-26 00:51 - 690703066 ____A C:\Windows\MEMORY.DMP
2013-04-26 00:51 - 2011-09-06 22:26 - 00000000 ____D C:\Windows\Minidump
2013-04-26 00:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-25 11:30

==================== End Of Log ============================

 

 

Here is the AdCleaner log.txt:

 

# AdwCleaner v2.301 - Logfile created 05/26/2013 at 21:22:57
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Mp3Tube Toolbar Service

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Mp3Tube.xml
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\mp3tubetoolbar@mp3tubetoolbar.com
Folder Deleted : C:\Program Files (x86)\Mp3Tube Toolbar
Folder Deleted : C:\Program Files (x86)\ShoppingReport2
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6}
Key Deleted : HKCU\Software\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\Software\Mp3Tube
Key Deleted : HKLM\Software\ShoppingReport2
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{46897C77-E7A6-4C33-BFFB-E9C2E2718942}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{261F322F-E2EC-4762-96C3-D06C664C69CE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7906031F-8419-413E-8356-59989C681721}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5A5728F-8470-4D24-BEAD-A45490DA22A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mp3Tube Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46897C77-E7A6-4C33-BFFB-E9C2E2718942}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{46897C77-E7A6-4C33-BFFB-E9C2E2718942}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0.1 (en-US)

-\\ Google Chrome v27.0.1453.94

*************************

AdwCleaner[S1].txt - [7710 octets] - [26/05/2013 21:22:57]

########## EOF - C:\AdwCleaner[S1].txt - [7770 octets] ##########

 

 

 

Here is the Malwarebytes log.txt:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]

5/26/2013 9:29:55 PM
mbam-log-2013-05-26 (21-29-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216999
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\user\AppData\Local\Temp\rlqyn\rlqyn.dll (Trojan.Tracur.DL) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\PDFReaderSetup_V3.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.

(end)

 

 

   The TDSS scan ran fine.  It only came up with 2 suspicious objects which I Skip over as youou directed.  The txt log for TDSS is huge and I tried including it with this post but could not.  Do you want me to send it to you in multiple posts?  What is the character limit per post?

 

 

Regards,

 

 

Steve



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 26 May 2013 - 11:09 PM

I am glad we were able to catch all that adware. One more request.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Security check

Download and run Security Check by screen317 and post its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 SCaruso

SCaruso
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 28 May 2013 - 07:20 AM

Ran ESET scan.  Here is log:

 

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Default\aagcgggfgcdfgddcgcgbggdbdedhdhgb\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Default\aagcgggfgcdfgddcgcgbggdbdedhdhgb\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Default\aagcgggfgcdfgddcgcgbggdbdedhdhgb\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\uTorrent\Softland\rlqyn.dll Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nngnp7d8.default\extensions\jietjagbqa@jietjagbqa.org.xpi JS/Redirector.NCI Trojan

 

 

 

When I hit the link you gave me for Security Check my McAfee gave me a warning that it was potentially dangerous.  Should I run it anyways?

 

 

Steve



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:00 AM

Posted 28 May 2013 - 10:39 AM

When I hit the link you gave me for Security Check my McAfee gave me a warning that it was potentially dangerous.  Should I run it anyways?
 
 
Steve


Yes, please. There is no problems with that application. It s only a scanner.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users