Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DLLHost.exe - COM Surrogate - Windows 7


  • This topic is locked This topic is locked
6 replies to this topic

#1 SDMenig

SDMenig

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 30 August 2014 - 03:41 PM

OS: Windows 7 | CPU: Dell Inspiron - intel i5 | Date of Issue; within the last 7 days

 

Issue: My computer is infected with malware that presents itself as 'dllhost.exe'.  It's noted as a 'COM Surrogate' in task manager and there are some 2-3 dozen instances of it that are open.

 

I see others here have had the same issue and there are different fixes for each case.  Attached are my FRST and ADDITION files from an FRST run.

 

 

 

Any assistance would be incredibly appreciated. Thanks  :).

 

Also, should I be performing any fixes you provide while I'm in Safe Mode?

Attached Files



BC AdBot (Login to Remove)

 


m

#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 PM

Posted 30 August 2014 - 05:08 PM

Hi there,

please run Combofix and post its log file. It's not necessary to run it in safe mode.
(And please always paste the contents of the log files into the thread and don't attach them if possible. Thanks.)


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 SDMenig

SDMenig
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 30 August 2014 - 06:28 PM

aharonov-

Thanks for the quick response!  I just finished running ComboFix, per your suggestion.  Copied below is the log.  Things look to have improved remarkably!  

 

ComboFix 14-08-29.03 - Menig Laptop 08/30/2014  15:41:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6032.3957 [GMT -7:00]
Running from: c:\users\Menig Laptop\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\Easy Speed Check
c:\program files (x86)\Easy Speed Check\easyspeedcheck.exe
c:\programdata\374311380
c:\programdata\374311380\BITDF47.tmp
c:\users\Menig Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\SmarterPower_iels
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-30  )))))))))))))))))))))))))))))))
.
.
2014-08-30 23:19 . 2014-08-30 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-28 06:39 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 06:39 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 06:39 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 01:49 . 2014-08-30 20:10 -------- d-----w- C:\FRST
2014-08-27 04:37 . 2014-08-27 04:44 -------- d-----w- c:\users\Menig Laptop\AppData\Roaming\Probit Software
2014-08-27 03:56 . 2014-08-29 04:40 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 03:55 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-27 03:55 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 03:55 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 03:55 . 2014-08-27 03:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-27 03:55 . 2014-08-27 03:55 -------- d-----w- c:\programdata\Malwarebytes
2014-08-27 03:55 . 2014-08-27 04:33 -------- d-----w- c:\program files (x86)\globalUpdate
2014-08-27 03:55 . 2014-08-27 03:55 -------- d-----w- c:\users\Menig Laptop\AppData\Local\globalUpdate
2014-08-27 03:53 . 2014-08-27 04:44 -------- d-----w- c:\program files (x86)\Probit Software
2014-08-27 03:47 . 2014-08-27 04:43 -------- d-----w- c:\users\Menig Laptop\AppData\Roaming\Activeris
2014-08-27 03:47 . 2014-05-08 19:31 19968 ----a-w- c:\windows\system32\roboot64.exe
2014-08-27 03:47 . 2014-08-27 04:33 -------- d-----w- c:\users\Menig Laptop\AppData\Roaming\VOPackage
2014-08-27 03:47 . 2014-08-27 03:47 -------- d-----w- c:\programdata\TVWizard
2014-08-26 17:22 . 2014-08-26 17:22 -------- d-----w- c:\users\Menig Laptop\AppData\Local\Adobe
2014-08-25 05:25 . 2014-08-25 05:25 -------- d-sh--w- c:\users\Menig Laptop\AppData\Local\EmieUserList
2014-08-25 05:25 . 2014-08-25 05:25 -------- d-sh--w- c:\users\Menig Laptop\AppData\Local\EmieSiteList
2014-08-25 05:23 . 2014-08-27 04:33 -------- d-----w- c:\users\Menig Laptop\AppData\Roaming\UpdaterEX
2014-08-25 05:22 . 2014-08-27 04:49 -------- d-----w- c:\program files (x86)\Optimizer Pro
2014-08-25 05:22 . 2014-08-25 05:22 -------- d-----w- c:\users\Menig Laptop\AppData\Local\Programs
2014-08-24 10:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-24 10:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-24 10:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-24 10:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-24 10:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-24 10:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-24 10:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-24 10:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 03:46 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-23 03:46 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-23 03:46 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-23 03:46 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-23 03:46 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-23 03:46 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-23 03:46 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-23 03:46 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-23 03:46 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-23 03:46 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-23 03:45 . 2014-05-14 16:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-23 03:45 . 2014-05-14 16:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-23 03:45 . 2014-05-14 16:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-23 03:45 . 2014-05-14 16:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-15 19:16 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-15 19:16 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-15 19:16 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-08-09 21:13 . 2014-08-09 21:13 -------- d-----w- c:\users\Menig Laptop\AppData\Roaming\Verizon_AR
2014-08-09 21:11 . 2014-08-09 21:11 -------- d-----w- c:\program files (x86)\Samsung
2014-08-09 21:09 . 2014-08-09 21:09 57344 ----a-r- c:\users\Menig Laptop\AppData\Roaming\Microsoft\Installer\{A3070098-A41D-42D9-B6D3-2EF15285E719}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
2014-08-09 21:09 . 2014-08-09 21:09 53248 ----a-r- c:\users\Menig Laptop\AppData\Roaming\Microsoft\Installer\{A3070098-A41D-42D9-B6D3-2EF15285E719}\ARPPRODUCTICON.exe
2014-08-09 21:06 . 2014-08-09 21:06 57344 ----a-r- c:\users\Menig Laptop\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2014-08-09 21:06 . 2014-08-09 21:06 57344 ----a-r- c:\users\Menig Laptop\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2014-08-09 21:06 . 2014-08-09 21:06 53248 ----a-r- c:\users\Menig Laptop\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\ARPPRODUCTICON.exe
2014-08-09 20:49 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-08-09 20:49 . 2014-06-16 06:01 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-08-09 20:49 . 2014-08-09 20:49 -------- d-----w- c:\program files\SAMSUNG
2014-08-09 20:48 . 2014-08-09 21:12 -------- d-----w- c:\programdata\Samsung
2014-08-09 20:47 . 2014-08-09 21:29 -------- d-----w- c:\users\Menig Laptop\AppData\Roaming\VERIZON
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-20 17:38 . 2012-11-09 11:40 72128 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-06-20 17:31 . 2012-11-09 11:37 348552 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 17:30 . 2014-04-09 06:12 189912 ----a-w- c:\windows\system32\mfevtps.exe
2014-06-20 17:26 . 2012-11-09 11:35 786296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-06-20 17:23 . 2012-11-09 11:34 523792 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-06-20 17:21 . 2012-11-09 11:34 313544 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 17:20 . 2012-11-09 11:33 181704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-06-18 10:12 . 2014-06-18 10:12 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-06-18 10:12 . 2014-06-18 10:12 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-06-18 10:11 . 2014-06-18 10:11 444720 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2014-06-18 02:18 . 2014-07-17 02:40 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-17 02:40 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-17 02:39 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-17 02:39 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-17 02:36 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-17 02:35 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-17 02:35 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_6F94729EBAB39FC97875D695EF642D44"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-12-11 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-12-20 292848]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-9-21 1395928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 19:11 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-08 08:22]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15 03:14]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15 03:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-20 7202520]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-07 1321688]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-07 1321688]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2013-10-22 8921600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 771056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-15 770032]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-31 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uSearchAssistant = www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-30  16:22:04
ComboFix-quarantined-files.txt  2014-08-30 23:22
.
Pre-Run: 271,270,203,392 bytes free
Post-Run: 271,415,046,144 bytes free
.
- - End Of File - - AE81A43132A1A8CDECDBBCCA9DD427EE
5C616939100B85E558DA92B899A0FC36


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 PM

Posted 30 August 2014 - 06:52 PM

Great, this worked well.
How is your computer running after the following steps?


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 SDMenig

SDMenig
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:13 AM

Posted 01 September 2014 - 01:28 PM

I apologize for the delay - I've been away from my computer sporadically over the last couple of days.  Here is the first log you requested for AdWare:

 

# AdwCleaner v3.308 - Report created 30/08/2014 at 16:57:32
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Menig Laptop - MENIGLAPTOP-PC
# Running from : C:\Users\Menig Laptop\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Users\Menig Laptop\AppData\Local\globalUpdate
Folder Found : C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobemmdckhidcigekdfeliheflmmccji
Folder Found : C:\Users\Menig Laptop\AppData\Roaming\Activeris
Folder Found : C:\Users\Menig Laptop\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\Menig Laptop\AppData\Roaming\VOPackage
Folder Found : C:\Users\Menig Laptop\Documents\Optimizer Pro
 
***** [ Scheduled Tasks ] *****
 
Task Found : LaunchSignup
Task Found : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.istart123.com/?type=sc&ts=1409111236&from=tugs&uid=ST500LT012-1DG142_S3P521ZRXXXXS3P521ZR )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.istart123.com/?type=sc&ts=1409111236&from=tugs&uid=ST500LT012-1DG142_S3P521ZRXXXXS3P521ZR )
Shortcut Found : C:\Users\Menig Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.istart123.com/?type=sc&ts=1409111236&from=tugs&uid=ST500LT012-1DG142_S3P521ZRXXXXS3P521ZR )
Shortcut Found : C:\Users\Menig Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.istart123.com/?type=sc&ts=1409111236&from=tugs&uid=ST500LT012-1DG142_S3P521ZRXXXXS3P521ZR )
Shortcut Found : C:\Users\Menig Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.istart123.com/?type=sc&ts=1409111236&from=tugs&uid=ST500LT012-1DG142_S3P521ZRXXXXS3P521ZR )
Shortcut Found : C:\Users\Menig Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.istart123.com/?type=sc&ts=1409111236&from=tugs&uid=ST500LT012-1DG142_S3P521ZRXXXXS3P521ZR )
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\Astromenda
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\Astromenda
Key Found : [x64] HKCU\Software\Compete
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{9E030FA9-18A5-A636-B79E-555753210043}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : hobemmdckhidcigekdfeliheflmmccji
 
*************************
 
AdwCleaner[R0].txt - [8121 octets] - [30/08/2014 16:57:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8181 octets] ##########

Here's the log for ESET:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Menig Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QL6IJL8\find[1].htm HTML/Iframe.B.Gen virus
C:\Users\Menig Laptop\Downloads\Picasa_Setup (1).exe a variant of Win32/InstallCore.QC potentially unwanted application
C:\Users\Menig Laptop\Downloads\Picasa_Setup.exe a variant of Win32/InstallCore.QC potentially unwanted application
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\pvr0.dll a variant of Win32/Poweliks.A trojan

Here's the log for the latest FRST run:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Menig Laptop (administrator) on MENIGLAPTOP-PC on 01-09-2014 11:08:53
Running from C:\Users\Menig Laptop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-13] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8921600 2013-10-22] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3173108831-4246355855-1817653519-1001\...\Run: [GoogleChromeAutoLaunch_6F94729EBAB39FC97875D695EF642D44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {95042AD2-34F9-48DA-BA02-3F49B176B81E} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-08]
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://news.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-14]
CHR Extension: (YouTube) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (Google Wallet) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-14]
CHR Extension: (Gmail) - C:\Users\Menig Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6170624 2013-10-22] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-10-22] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 11:08 - 2014-09-01 11:08 - 00000000 ____D () C:\Users\Menig Laptop\Downloads\FRST-OlderVersion
2014-09-01 11:07 - 2014-09-01 11:07 - 00000909 _____ () C:\Users\Menig Laptop\Desktop\eset.txt
2014-08-31 12:01 - 2014-08-31 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-30 17:08 - 2014-08-30 17:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-30 17:07 - 2014-08-30 17:07 - 02347384 _____ (ESET) C:\Users\Menig Laptop\Desktop\esetsmartinstaller_enu.exe
2014-08-30 17:06 - 2014-08-30 17:07 - 02347384 _____ (ESET) C:\Users\Menig Laptop\Downloads\esetsmartinstaller_enu.exe
2014-08-30 17:02 - 2014-08-30 17:02 - 00007602 _____ () C:\Users\Menig Laptop\Desktop\AdwCleaner[S0].txt
2014-08-30 16:57 - 2014-08-30 17:00 - 00000000 ____D () C:\AdwCleaner
2014-08-30 16:56 - 2014-08-30 16:56 - 01364531 _____ () C:\Users\Menig Laptop\Downloads\AdwCleaner.exe
2014-08-30 16:56 - 2014-08-30 16:56 - 01364531 _____ () C:\Users\Menig Laptop\Desktop\AdwCleaner.exe
2014-08-30 16:23 - 2014-08-30 16:23 - 00026761 _____ () C:\Users\Menig Laptop\Desktop\combofix2.txt
2014-08-30 16:22 - 2014-08-30 16:22 - 00026761 _____ () C:\ComboFix.txt
2014-08-30 15:39 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-30 15:39 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-30 15:39 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-30 15:39 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-30 15:39 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-30 15:39 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-30 15:39 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-30 15:39 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-30 15:38 - 2014-08-30 16:22 - 00000000 ____D () C:\Qoobox
2014-08-30 15:37 - 2014-08-30 16:20 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 15:27 - 2014-08-30 15:25 - 05576760 ____R (Swearware) C:\Users\Menig Laptop\Desktop\ComboFix.exe
2014-08-30 15:24 - 2014-08-30 15:25 - 05576760 _____ (Swearware) C:\Users\Menig Laptop\Downloads\ComboFix.exe
2014-08-28 22:49 - 2014-08-28 23:14 - 00024319 _____ () C:\Users\Menig Laptop\Downloads\Addition.txt
2014-08-27 23:39 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:39 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:39 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 18:50 - 2014-09-01 11:08 - 00017026 _____ () C:\Users\Menig Laptop\Downloads\FRST.txt
2014-08-27 18:49 - 2014-09-01 11:08 - 00000000 ____D () C:\FRST
2014-08-27 18:47 - 2014-09-01 11:08 - 02104832 _____ (Farbar) C:\Users\Menig Laptop\Downloads\FRST64.exe
2014-08-26 21:37 - 2014-08-26 21:44 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\Probit Software
2014-08-26 21:36 - 2014-08-30 17:01 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-26 20:56 - 2014-08-30 16:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 20:55 - 2014-08-26 20:55 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 20:55 - 2014-08-26 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-26 20:55 - 2014-08-26 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 20:55 - 2014-08-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 20:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-26 20:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-26 20:54 - 2014-08-26 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-26 20:53 - 2014-08-26 21:44 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-08-26 20:47 - 2014-08-26 20:47 - 00000000 ____D () C:\ProgramData\TVWizard
2014-08-26 10:50 - 2014-08-26 10:50 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-26 10:22 - 2014-08-26 10:22 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Local\Adobe
2014-08-25 00:45 - 2014-08-25 00:45 - 00000045 _____ () C:\Users\Menig Laptop\AppData\Roaming\WB.CFG
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 22:25 - 2014-08-24 22:25 - 00000000 __SHD () C:\Users\Menig Laptop\AppData\Local\EmieUserList
2014-08-24 22:25 - 2014-08-24 22:25 - 00000000 __SHD () C:\Users\Menig Laptop\AppData\Local\EmieSiteList
2014-08-24 22:24 - 2014-08-24 22:24 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-08-24 22:24 - 2014-08-24 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-24 22:23 - 2014-08-24 22:23 - 00862064 _____ ( ) C:\Users\Menig Laptop\Downloads\Picasa_Setup (1).exe
2014-08-24 22:22 - 2014-08-24 22:21 - 17385800 _____ (Google Inc.) C:\Users\Menig Laptop\Downloads\picasa_pc_setup.exe
2014-08-24 22:18 - 2014-08-24 22:18 - 00862064 _____ ( ) C:\Users\Menig Laptop\Downloads\Picasa_Setup.exe
2014-08-24 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-24 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-24 03:01 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-24 03:01 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-24 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-24 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-24 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-24 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-22 20:46 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 20:46 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 20:46 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 20:46 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 20:46 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 20:46 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 20:46 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 20:46 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 20:46 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 20:46 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 20:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 20:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 20:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 20:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 22:10 - 2014-08-23 22:01 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\Layla's 1st Birthday
2014-08-15 12:16 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 12:16 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 12:16 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 12:16 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 12:15 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 12:15 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 12:15 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 12:15 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 12:15 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 12:15 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 12:15 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 12:15 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 12:15 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 12:15 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 12:15 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 12:15 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 12:15 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 12:15 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 12:15 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 12:15 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 12:15 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 12:15 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 12:15 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 12:15 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 12:15 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 12:15 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 12:15 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 12:15 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 12:15 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 12:15 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 12:15 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 12:15 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 12:15 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 12:15 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 12:15 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 12:15 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 12:15 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 12:15 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 12:15 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 12:15 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 12:15 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 12:15 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 12:15 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 12:15 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 12:15 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 12:15 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 12:15 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 12:15 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 12:15 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 12:15 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 12:15 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 12:15 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 12:15 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 12:15 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 12:15 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 12:15 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 12:15 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 12:15 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 12:15 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 12:15 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 12:15 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 12:15 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 12:15 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 12:15 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 12:15 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 12:15 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 12:15 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 12:15 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 12:15 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 12:15 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 12:15 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 12:15 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 16:00 - 2014-08-12 16:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-09 16:43 - 2014-08-27 16:12 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\Colorado Trip
2014-08-09 16:35 - 2014-08-09 16:44 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\New folder
2014-08-09 14:29 - 2014-08-09 14:29 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\Verizon_AR
2014-08-09 14:11 - 2014-08-09 14:11 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-09 13:49 - 2014-08-09 13:49 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-08-09 13:49 - 2014-06-15 23:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-08-09 13:49 - 2014-06-15 23:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-08-09 13:48 - 2014-08-09 14:12 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-09 13:47 - 2014-08-09 14:29 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\VERIZON
2014-08-09 13:47 - 2014-08-09 13:47 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 11:09 - 2014-08-27 18:50 - 00017026 _____ () C:\Users\Menig Laptop\Downloads\FRST.txt
2014-09-01 11:08 - 2014-09-01 11:08 - 00000000 ____D () C:\Users\Menig Laptop\Downloads\FRST-OlderVersion
2014-09-01 11:08 - 2014-08-27 18:49 - 00000000 ____D () C:\FRST
2014-09-01 11:08 - 2014-08-27 18:47 - 02104832 _____ (Farbar) C:\Users\Menig Laptop\Downloads\FRST64.exe
2014-09-01 11:07 - 2014-09-01 11:07 - 00000909 _____ () C:\Users\Menig Laptop\Desktop\eset.txt
2014-09-01 11:05 - 2014-07-14 20:14 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 11:05 - 2014-04-08 01:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 07:27 - 2014-07-14 20:14 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 07:27 - 2014-04-08 22:45 - 01944022 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 12:07 - 2014-07-14 20:11 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-31 12:01 - 2014-08-31 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-30 17:13 - 2009-07-13 21:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 17:13 - 2009-07-13 21:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 17:10 - 2014-04-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-30 17:08 - 2014-08-30 17:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-30 17:07 - 2014-08-30 17:07 - 02347384 _____ (ESET) C:\Users\Menig Laptop\Desktop\esetsmartinstaller_enu.exe
2014-08-30 17:07 - 2014-08-30 17:06 - 02347384 _____ (ESET) C:\Users\Menig Laptop\Downloads\esetsmartinstaller_enu.exe
2014-08-30 17:07 - 2009-07-13 22:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 17:02 - 2014-08-30 17:02 - 00007602 _____ () C:\Users\Menig Laptop\Desktop\AdwCleaner[S0].txt
2014-08-30 17:01 - 2014-08-26 21:36 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-30 17:01 - 2010-11-20 20:47 - 00373776 _____ () C:\Windows\PFRO.log
2014-08-30 17:01 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 17:01 - 2009-07-13 21:51 - 00050508 _____ () C:\Windows\setupact.log
2014-08-30 17:00 - 2014-08-30 16:57 - 00000000 ____D () C:\AdwCleaner
2014-08-30 17:00 - 2014-07-14 20:14 - 00001292 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-30 17:00 - 2014-07-14 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-30 16:56 - 2014-08-30 16:56 - 01364531 _____ () C:\Users\Menig Laptop\Downloads\AdwCleaner.exe
2014-08-30 16:56 - 2014-08-30 16:56 - 01364531 _____ () C:\Users\Menig Laptop\Desktop\AdwCleaner.exe
2014-08-30 16:34 - 2014-08-26 20:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 16:23 - 2014-08-30 16:23 - 00026761 _____ () C:\Users\Menig Laptop\Desktop\combofix2.txt
2014-08-30 16:22 - 2014-08-30 16:22 - 00026761 _____ () C:\ComboFix.txt
2014-08-30 16:22 - 2014-08-30 15:38 - 00000000 ____D () C:\Qoobox
2014-08-30 16:22 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-30 16:20 - 2014-08-30 15:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 16:19 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-30 15:26 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\Devices
2014-08-30 15:25 - 2014-08-30 15:27 - 05576760 ____R (Swearware) C:\Users\Menig Laptop\Desktop\ComboFix.exe
2014-08-30 15:25 - 2014-08-30 15:24 - 05576760 _____ (Swearware) C:\Users\Menig Laptop\Downloads\ComboFix.exe
2014-08-28 23:14 - 2014-08-28 22:49 - 00024319 _____ () C:\Users\Menig Laptop\Downloads\Addition.txt
2014-08-28 03:23 - 2009-07-13 21:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 16:12 - 2014-08-09 16:43 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\Colorado Trip
2014-08-26 21:44 - 2014-08-26 21:37 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\Probit Software
2014-08-26 21:44 - 2014-08-26 20:53 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-08-26 21:41 - 2014-07-23 23:38 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-08-26 21:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-26 21:33 - 2014-07-14 18:00 - 00000000 ____D () C:\Users\Menig Laptop
2014-08-26 20:55 - 2014-08-26 20:55 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 20:55 - 2014-08-26 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-26 20:55 - 2014-08-26 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 20:55 - 2014-08-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 20:54 - 2014-08-26 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-26 20:54 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-26 20:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-26 20:47 - 2014-08-26 20:47 - 00000000 ____D () C:\ProgramData\TVWizard
2014-08-26 20:45 - 2014-04-08 23:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-26 20:40 - 2009-07-13 19:34 - 00000537 _____ () C:\Windows\win.ini
2014-08-26 10:50 - 2014-08-26 10:50 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-26 10:38 - 2014-04-08 23:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-26 10:22 - 2014-08-26 10:22 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Local\Adobe
2014-08-26 10:22 - 2014-07-14 18:04 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\Adobe
2014-08-25 00:45 - 2014-08-25 00:45 - 00000045 _____ () C:\Users\Menig Laptop\AppData\Roaming\WB.CFG
2014-08-24 22:27 - 2014-08-24 22:27 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 22:25 - 2014-08-24 22:25 - 00000000 __SHD () C:\Users\Menig Laptop\AppData\Local\EmieUserList
2014-08-24 22:25 - 2014-08-24 22:25 - 00000000 __SHD () C:\Users\Menig Laptop\AppData\Local\EmieSiteList
2014-08-24 22:24 - 2014-08-24 22:24 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-08-24 22:24 - 2014-08-24 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-24 22:24 - 2014-07-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-24 22:24 - 2014-07-14 20:13 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Local\Google
2014-08-24 22:23 - 2014-08-24 22:23 - 00862064 _____ ( ) C:\Users\Menig Laptop\Downloads\Picasa_Setup (1).exe
2014-08-24 22:21 - 2014-08-24 22:22 - 17385800 _____ (Google Inc.) C:\Users\Menig Laptop\Downloads\picasa_pc_setup.exe
2014-08-24 22:18 - 2014-08-24 22:18 - 00862064 _____ ( ) C:\Users\Menig Laptop\Downloads\Picasa_Setup.exe
2014-08-24 03:29 - 2014-04-08 23:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-24 03:00 - 2014-07-20 01:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-23 22:01 - 2014-08-17 22:10 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\Layla's 1st Birthday
2014-08-22 19:07 - 2014-08-27 23:39 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 23:39 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 23:39 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 22:29 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-12 16:00 - 2014-08-12 16:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-09 16:44 - 2014-08-09 16:35 - 00000000 ____D () C:\Users\Menig Laptop\Desktop\New folder
2014-08-09 14:29 - 2014-08-09 14:29 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-09 14:29 - 2014-08-09 13:47 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\VERIZON
2014-08-09 14:13 - 2014-08-09 14:13 - 00000000 ____D () C:\Users\Menig Laptop\AppData\Roaming\Verizon_AR
2014-08-09 14:12 - 2014-08-09 13:48 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-09 14:12 - 2014-04-08 23:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-09 14:11 - 2014-08-09 14:11 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-09 13:49 - 2014-08-09 13:49 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-08-09 13:47 - 2014-08-09 13:47 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-08-06 19:06 - 2014-08-15 12:15 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 12:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 20:19 - 2014-04-08 23:12 - 00000000 ____D () C:\Program Files\Common Files\mcafee
 
Some content of TEMP:
====================
C:\Users\Menig Laptop\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-09 15:04
 
==================== End Of Log ============================


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 PM

Posted 01 September 2014 - 02:10 PM

No problem. :)
It looks good now.


Please download this attached Attached File  fixlist.txt   1.21KB   5 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe in Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 12 ActiveX




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 PM

Posted 19 September 2014 - 02:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users