Jump to content

Possible Infection - Help Please


Recommended Posts

Hi

 

I'm having a few issues with my laptop. In the 'Libraries', I can't access any of my documents, photos etc and get the error message stating that those links are "no longer working". I'm worried that I'm infected with ransomware (though I am able to access these files by going through the network subfolder). McAfee and Malwarebytes have come back with the all clear, but there are loads of random processes running and the laptop is generally running slowly. My logs are below. Any help is very much appreciated:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Christopher at 23:21:50 on 2013-08-29
Microsoft Windows 8  6.2.9200.0.1252.44.1033.18.8061.3867 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\lxdjcoms.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\atieclxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Windows\System32\Taskmgr.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
uRun: [spotify] "C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{29D1B608-7F7F-4A6D-851B-6BF9C709E472} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\k7xnfw02.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\k7xnfw02.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-11 20:35; 2020Player_WEB@2020Technologies.com; C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\k7xnfw02.default\extensions\2020Player_WEB@2020Technologies.com
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2013-4-30 35496]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-4-30 652344]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-7-20 56336]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-30 92536]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2012-2-14 93272]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 239616]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-9-30 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-30 1132480]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-16 135984]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-4-30 109184]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-30 165760]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-5-29 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-5-29 201304]
R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-5-29 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-5-29 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2013-4-30 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-4-30 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-4-30 182752]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-5-30 1900728]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-4-30 1914728]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-30 364416]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-25 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-10-1 132480]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-10-1 1337216]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
R3 ETD;Dell Touchpad;C:\Windows\System32\Drivers\ETD.sys [2013-4-30 211280]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-4-30 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\Drivers\igdpmd64.sys [2012-8-29 9000256]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-10 25568]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 515968]
R3 NETwNe64;@oem3.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2013-4-30 4309032]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-4-30 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-4-30 683664]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-10 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-10 188896]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-18 69168]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-4-30 10752]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-6-3 196440]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-10 35296]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-4-30 332080]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-22 106552]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-25 272176]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-08-29 21:46:31    --------    d-----w-    C:\ProgramData\HitmanPro
2013-08-29 20:30:40    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 21:48:04    --------    d-----w-    C:\Users\Christopher\AppData\Roaming\Malwarebytes
2013-08-21 21:47:55    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-21 21:47:54    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-21 21:47:54    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 21:47:42    --------    d-----w-    C:\Users\Christopher\AppData\Local\Programs
2013-08-21 06:16:54    240304    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-14 18:47:19    60648    ----a-w-    C:\Program Files\Windows Defender\MpUXSrv.exe
2013-08-14 07:34:39    694272    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 07:33:59    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 07:33:02    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 07:33:01    337408    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 07:33:01    261120    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 07:33:01    1568256    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 07:33:00    98304    ----a-w-    C:\Windows\System32\apprepsync.dll
2013-08-14 07:33:00    87040    ----a-w-    C:\Windows\SysWow64\apprepapi.dll
2013-08-14 07:33:00    74240    ----a-w-    C:\Windows\SysWow64\apprepsync.dll
2013-08-14 07:33:00    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 07:33:00    124416    ----a-w-    C:\Windows\System32\apprepapi.dll
2013-08-12 18:44:13    --------    d-----w-    C:\Users\Christopher\AppData\Roaming\ICAClient
2013-08-12 18:43:50    --------    d-----w-    C:\ProgramData\Citrix
2013-08-12 18:43:35    --------    d-----w-    C:\Users\Christopher\AppData\Local\Citrix
2013-08-12 18:43:35    --------    d-----w-    C:\Program Files (x86)\Common Files\Citrix
2013-08-12 18:43:31    --------    d-----w-    C:\Program Files (x86)\Citrix
2013-08-11 12:55:36    --------    d-----w-    C:\Program Files (x86)\Microsoft ActiveSync
.
==================== Find3M  ====================
.
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:13:28    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-07-26 05:13:28    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:13:15    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2013-07-09 06:07:17    2233168    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-02 00:44:14    36288    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2013-06-27 22:04:51    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31    997632    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-01 11:54:16    194816    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\Windows\explorer.exe
2013-06-01 11:29:35    337152    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\Windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\Windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\Windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\Windows\System32\drivers\BthAvrcpTg.sys
.
============= FINISH: 23:22:31.53 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 29/05/2013 18:47:54
System Uptime: 29/08/2013 21:21:11 (2 hours ago)
.
Motherboard: Dell Inc. |  | 0PXH02
Processor: Intel® Core i7-3632QM CPU @ 2.20GHz | U3E1 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 768.342 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 18/08/2013 10:13:20 - Windows Update
RP22: 21/08/2013 23:03:25 - Windows Update
RP23: 25/08/2013 18:13:01 - Windows Update
RP24: 28/08/2013 22:39:53 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 11
Adobe Photoshop Lightroom 4.4 64-bit
Amazon Browser App
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Conexant SmartAudio HD
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Touchpad
Elements 11 Organizer
Intel PROSet Wireless
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.6
Intel® WiDi
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - en-us
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 23.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Dell
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Online Plug-in
Photo Common
Photo Gallery
Photomatix Pro version 4.2.7
PowerXpressHybrid
PSE11 STI Installer
PX Profile Update
Quickset64
QuickTime
Realtek USB 2.0 Card Reader
Self-service Plug-in
Shared C Run-time for x64
Spotify
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
29/08/2013 23:02:11, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
29/08/2013 22:19:18, Error: mbamchameleon [61703]  -
28/08/2013 22:41:16, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
27/08/2013 21:22:59, Error: Service Control Manager [7046]  - The following service has repeatedly stopped responding to service control requests: McAfee Network Agent Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
27/08/2013 21:22:29, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.
27/08/2013 21:14:25, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McOobeSv service.
27/08/2013 21:13:55, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
27/08/2013 21:13:25, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
27/08/2013 21:12:55, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.
24/08/2013 08:22:10, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: AppexNews.AppXm7hnj7tzqqzrmb6spmf0x4fb91edcc71.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:AppexNews.AppX7gwgv0tpq105hyaq1wc9b9zyhgxf3e49.mca
24/08/2013 08:22:10, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: App.AppXt3792mahdb21m8w4crkzvg7mzqwrm6cd.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXr66mqf0x2y3pq68nbpvjhhxy6y0wat45.mca
24/08/2013 08:22:10, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: App.AppXckhq7ex47a0jh2z0wj5cd086mqkeegzy.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX42r8evwg359fn5xfrxhj5nv2n3dnya3e.mca
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hello COliver! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

    Please visit this webpage and read the ComboFix User's Guide:

    • Once you've read the article and are ready to use the program you can download it directly from the link below.
    • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
    • Direct download link for: ComboFix.exe
    • Please make sure you disable your security applications before running ComboFix.
    • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
    • Please copy/paste the contents or attach that log file to your next reply.
    • If needed the file can be located here: C:\combofix.txt
    • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

Hi Borislav

 

Many thanks for your help. Below is the text from Combofix:

 

ComboFix 13-08-30.01 - Christopher 30/08/2013  18:11:33.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.44.1033.18.8061.4409 [GMT 1:00]
Running from: c:\users\Christopher\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
c:\programdata\Roaming
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\1f9d.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\205a.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\23b7.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\2818.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\3946.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\4580.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\5301.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\782a.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\7b7d.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\7c79.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\7d5a.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\8671.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\882d.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\a4fd.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\a744.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\a745.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac7c.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\ad2d.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\b50a.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\dbdc.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\e1e8.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\ed9b.ica
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\f9bc.ica
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
.
.
2013-08-30 17:16 . 2013-08-30 17:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-29 21:46 . 2013-08-29 21:54    --------    d-----w-    c:\programdata\HitmanPro
2013-08-29 20:30 . 2013-08-29 21:19    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-21 21:48 . 2013-08-21 21:48    --------    d-----w-    c:\users\Christopher\AppData\Roaming\Malwarebytes
2013-08-21 21:47 . 2013-08-21 21:47    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-21 21:47 . 2013-08-21 21:47    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-21 21:47 . 2013-04-04 13:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-21 21:47 . 2013-08-21 21:47    --------    d-----w-    c:\users\Christopher\AppData\Local\Programs
2013-08-21 06:16 . 2013-08-21 06:16    240304    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-14 07:34 . 2013-05-23 23:02    1314816    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-14 07:33 . 2013-07-26 03:12    108032    ----a-w-    c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 07:33 . 2013-07-13 06:16    1889280    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 07:33 . 2013-07-13 06:18    337408    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 07:33 . 2013-07-13 04:24    261120    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 07:33 . 2013-07-13 04:23    1568256    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 07:33 . 2013-07-13 06:16    68096    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 07:33 . 2013-07-13 06:15    98304    ----a-w-    c:\windows\system32\apprepsync.dll
2013-08-14 07:33 . 2013-07-13 06:15    124416    ----a-w-    c:\windows\system32\apprepapi.dll
2013-08-14 07:33 . 2013-07-13 04:23    87040    ----a-w-    c:\windows\SysWow64\apprepapi.dll
2013-08-14 07:33 . 2013-07-13 04:23    74240    ----a-w-    c:\windows\SysWow64\apprepsync.dll
2013-08-12 18:44 . 2013-08-12 20:26    --------    d-----w-    c:\users\Christopher\AppData\Roaming\ICAClient
2013-08-12 18:43 . 2013-08-12 18:44    --------    d-----w-    c:\programdata\Citrix
2013-08-12 18:43 . 2013-08-12 18:44    --------    d-----w-    c:\users\Christopher\AppData\Local\Citrix
2013-08-12 18:43 . 2013-08-12 18:43    --------    d-----w-    c:\program files (x86)\Common Files\Citrix
2013-08-12 18:43 . 2013-08-12 18:44    --------    d-----w-    c:\program files (x86)\Citrix
2013-08-11 12:55 . 2013-08-11 12:55    --------    d-----w-    c:\program files (x86)\Microsoft ActiveSync
2013-08-11 12:51 . 2013-08-11 12:51    --------    d-----r-    C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-18 09:28 . 2013-06-02 13:37    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-08-14 07:24 . 2013-05-30 19:39    564432    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-06-27 22:04 . 2012-07-26 08:14    78200    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14    693112    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-21 18:00 . 2013-05-29 17:50    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-16 22:41 . 2013-07-20 07:22    997632    ----a-w-    c:\windows\system32\drivers\ndis.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-30 19:53    222712    ----a-w-    c:\users\Christopher\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-30 19:53    222712    ----a-w-    c:\users\Christopher\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-30 19:53    222712    ----a-w-    c:\users\Christopher\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Christopher\AppData\Roaming\Spotify\Spotify.exe" [2013-07-25 4640768]
"Spotify Web Helper"="c:\users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-25 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-20 642216]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ETD;Dell Touchpad;c:\windows\System32\drivers\ETD.sys;c:\windows\SYSNATIVE\drivers\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 NETwNe64;@oem3.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01 18:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-30 19:53    261624    ----a-w-    c:\users\Christopher\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-30 19:53    261624    ----a-w-    c:\users\Christopher\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-30 19:53    261624    ----a-w-    c:\users\Christopher\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-08-14 07:25    2328776    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-08-14 07:25    2328776    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-08-14 07:25    2328776    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2013-01-10 2774864]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-06-13 1647616]
"IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-09-30 11582848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-29 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-29 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-29 441152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\k7xnfw02.default\
FF - ExtSQL: 2013-08-11 20:35; 2020Player_WEB@2020Technologies.com; c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\k7xnfw02.default\extensions\2020Player_WEB@2020Technologies.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-30  18:18:14
ComboFix-quarantined-files.txt  2013-08-30 17:18
.
Pre-Run: 829,976,539,136 bytes free
Post-Run: 830,041,137,152 bytes free
.
- - End Of File - - D6156F28F754EF20FC834F64191FC194
5FB38429D5D77768867C76DCBDB35194
 

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

You're welcome1 :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.