
HijackThis and infected - help


Dig


Hi all: I have a Win7 computer that must be infected, as it is barely running. When I open Task Manager there are 30 dllhost.exe processes running, and I am not sure why, but I have 4 GB of memory and it is almost all taken.

I ran Malwarebytes both in regular mode and Safe Mode, quick and deep scan. The first scan showed some problems, but after I cleaned it and ran the scans again nothing showed. I also ran Microsoft Security Essentials, and after the first run it showed some problems, but after I cleaned them and ran it again nothing showed.

The computer barely runs. I then opened IE and deleted everything from the Internet Options. I also went into the temp directories and deleted everything. The computer still runs painfully slow. So I ran HijackThis.

Running HijackThis gave me a Notepad window full of information that I am not sure what to do with. So now I have this HijackThis analysis that is Greek to me, and after coming here and reading the information on this forum, the directions say to run DDS and then lay out that information.

Is there anything useful in the HJT file that someone could read and maybe offer some help?

I have attached the file, but if it is useless please let me know and I will run the DDS and go from there.

Any help appreciated.

hijackthis-01.txt


Hello Dig, and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.
  • Do not perform any kind of scanning or fixing without my instructions. If you want to proceed on your own, please let me know.

I would like to see your DDS log files.

Thanks Maniac:

I just downloaded DDS to the desktop and ran it. It ran to about 75% then just stopped. I rebooted and ran it again, and the progress bar ran to about 75% then stopped. It has been at that mark for about 15 minutes.

Should I run DDS in Safe Mode?

Any help appreciated.

Thanks


Hi Maniac:

Just ignore the last message. I forgot to disconnect Microsoft Security. Once I did that it ran fine.

Please find the files attached as you asked.

I look forward to hearing from you.

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by office room at 12:36:48 on 2013-12-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.411 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OSD\DellOSDservice.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Common Files\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Dell\OSD\DellOSD.exe
C:\Program Files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaPSWX.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\spool\DRIVERS\x64\3\dleaJSWX.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
c:\program files (x86)\teamviewer\version9\TeamViewer.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Atewcoaktyiwny] "C:\Users\office room\AppData\Roaming\Fahiofeb\soxee.exe"
mRun: [shwiconXP6366] c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [uCam_Menu] "C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Dell\Dell TouchCam" UpdateWithCreateOnce "Software\CyberLink\Dell TouchCam\1.1"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [FAStartup] <no file>
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\OFFICE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4BE36C49-032C-4C52-899C-BDEB879655C8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FEEB621F-3BAF-433C-896E-F9F7BCC0DD66} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= c:\progra~2\safesa~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj"
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-12-15 09:04:43 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1276EA44-A1EF-4B3C-9194-686143586A6B}\offreg.dll
2013-12-15 08:53:58 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1276EA44-A1EF-4B3C-9194-686143586A6B}\mpengine.dll
2013-12-15 08:38:45 745975 ----a-w- C:\ProgramData\SPLB441.tmp
2013-12-15 08:16:59 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-15 08:16:58 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-12-15 08:16:56 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-12-15 08:16:55 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-12-15 08:16:41 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-12-15 08:16:40 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-14 21:50:34 217215 ----a-w- C:\Windows\SysWow64\uhcuercu.exe
2013-12-14 21:50:27 -------- d-----w- C:\Users\office room\AppData\Roaming\Eqfucak
2013-12-14 21:50:21 217215 ----a-w- C:\Windows\SysWow64\adqebu.exe
2013-12-14 21:49:34 -------- d-----w- C:\Users\office room\AppData\Roaming\Okcuaxup
2013-12-14 21:49:08 217215 ----a-w- C:\Windows\SysWow64\naezybivy.exe
2013-12-14 21:49:05 -------- d-----w- C:\Users\office room\AppData\Roaming\Ucguupuq
2013-12-14 21:48:05 217215 ----a-w- C:\Windows\SysWow64\cegyora.exe
2013-12-14 21:48:01 -------- d-----w- C:\Users\office room\AppData\Roaming\Ulziva
2013-12-14 21:47:34 217215 ----a-w- C:\Windows\SysWow64\owunufi.exe
2013-12-14 21:47:24 -------- d-----w- C:\Users\office room\AppData\Roaming\Beyxegoc
2013-12-14 21:46:35 217215 ----a-w- C:\Windows\SysWow64\ohasnesygy.exe
2013-12-14 21:46:25 -------- d-----w- C:\Users\office room\AppData\Roaming\Undiak
2013-12-14 21:45:55 217215 ----a-w- C:\Windows\SysWow64\uzyqpio.exe
2013-12-14 21:45:49 -------- d-----w- C:\Users\office room\AppData\Roaming\Fahiofeb
2013-12-14 15:18:15 745975 ----a-w- C:\ProgramData\SPLFF25.tmp
2013-12-14 15:09:41 745975 ----a-w- C:\ProgramData\SPLCEE2.tmp
2013-12-14 08:30:01 745975 ----a-w- C:\ProgramData\SPL9D38.tmp
2013-12-13 23:39:11 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 23:18:25 745975 ----a-w- C:\ProgramData\SPL6621.tmp
2013-12-12 18:23:22 745975 ----a-w- C:\ProgramData\SPLF9C8.tmp
2013-12-11 09:33:16 745975 ----a-w- C:\ProgramData\SPL8B7C.tmp
2013-12-11 09:08:07 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 09:08:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 09:08:02 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 09:08:00 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 06:17:30 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 06:17:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 06:10:32 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 06:10:31 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 06:10:28 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 06:05:48 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 06:05:48 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 06:05:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 06:05:39 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 06:03:46 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 06:03:46 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-11 06:03:13 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 06:03:13 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 06:03:13 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-11 06:03:12 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 06:03:12 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 06:03:12 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 06:03:12 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 06:03:11 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-10 21:35:10 -------- d-----w- C:\Users\office room\AppData\Roaming\TeamViewer
2013-12-10 21:33:03 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-12-10 21:10:48 745975 ----a-w- C:\ProgramData\SPL80F1.tmp
2013-12-10 10:24:44 745975 ----a-w- C:\ProgramData\SPL1985.tmp
2013-12-09 02:12:01 745975 ----a-w- C:\ProgramData\SPLF324.tmp
2013-12-08 22:34:30 745975 ----a-w- C:\ProgramData\SPLE10B.tmp
2013-12-08 21:49:40 -------- d-----w- C:\Users\office room\AppData\Local\{4CC44282-087F-479B-802C-F3B1F8D8CA43}
2013-12-06 17:24:55 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADB17DB0-AC46-4351-A96C-EC1C4B5BBE30}\gapaengine.dll
2013-12-01 17:08:56 745975 ----a-w- C:\ProgramData\SPLE31D.tmp
2013-12-01 16:54:09 745975 ----a-w- C:\ProgramData\SPLE474.tmp
2013-12-01 16:12:30 745975 ----a-w- C:\ProgramData\SPLF97A.tmp
2013-12-01 13:48:49 745975 ----a-w- C:\ProgramData\SPLF1C.tmp
2013-12-01 02:36:41 745975 ----a-w- C:\ProgramData\SPLD529.tmp
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-14 08:35:37 745975 ----a-w- C:\ProgramData\SPLB0D7.tmp
2013-11-05 16:44:38 745975 ----a-w- C:\ProgramData\SPLC503.tmp
2013-11-04 12:24:04 745975 ----a-w- C:\ProgramData\SPL369.tmp
2013-10-27 16:44:09 745975 ----a-w- C:\ProgramData\SPL30CF.tmp
2013-10-22 12:25:07 745975 ----a-w- C:\ProgramData\SPLD4CB.tmp
2013-10-22 11:05:07 745975 ----a-w- C:\ProgramData\SPLAF61.tmp
2013-10-21 04:41:21 745975 ----a-w- C:\ProgramData\SPLD152.tmp
2013-10-16 21:41:26 745975 ----a-w- C:\ProgramData\SPLD47D.tmp
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 08:00:43 745975 ----a-w- C:\ProgramData\SPL928E.tmp
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 14:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 14:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 12:40:39.59 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 1/20/2011 4:43:22 PM
System Uptime: 12/15/2013 3:38:00 AM (9 hours ago)
.
Motherboard: Dell Inc. |  | 0DPRF9           
Processor: AMD Athlon II X2 250u Processor | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 332.232 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer: 
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer: 
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Accidental Damage Services Agreement
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin 64-bit
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Bing Bar
Bing Maps 3D
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CIR Tool Kit
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
CyberLink YouPaint
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center (Support Software)
Dell Toolbar
Dell Touch Software Suite Games
Dell TouchCam
Dell V310-V510 Series
Dell VideoStage
DellOSD
DW WLAN Card Utility
EasyLife Search 1.74
FastAccess
FUJIFILM MyFinePix Studio 1.0
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HomeNet Manager
HP FWUpdateEDO2
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticAlert
HPOJ6700FWUpdateAlert
I.R.I.S. OCR
iCloud
iTunes
iYogi Support Dock 4.3
Java Auto Updater
Java 6 Update 21 (64-bit)
Java 6 Update 35
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
MSVCRT
MSVCRT_amd64
Multimedia Card Reader
Musicnotes Software Suite 1.7.2
QualxServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
SafeSaver 1.74
Scrapbook Factory Deluxe 5.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skins
Skype Toolbars
Skype™ 5.10
StickyNotes
TeamViewer 9
The Sims™ 3
The Sims™ 3 Ambitions
THX TruStudio PC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Viewpoint Media Player
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
 

Step 1

Please uninstall this application: SafeSaver 1.74

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
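The log ComboFix writes to C:\combofix.txt lists, under "Reg Loading Points", every Run/RunOnce value it found and what the value points to, and under "ORPHANS REMOVED" the loading points it deleted. The following script is an added example for reading that section; it is not part of the thread and not a ComboFix tool. It parses those two sections of a saved log and flags any autorun whose executable lives somewhere an unprivileged user can write (AppData, Temp, Users\Public), which is where a dropped second-stage binary usually ends up. The sample log embedded in the block is constructed in ComboFix's line format (a few of the lines reproduce entries from this thread); the user-writable-path heuristic is the editor's own and is a triage aid, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample written in the shape of ComboFix's "Reg Loading Points" and
# "ORPHANS REMOVED" sections. It reproduces a handful of the lines posted in this
# thread; the real log is far longer.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"GameServer507"="c:\users\office room\AppData\Roaming\HpUpdate\WIND83C.exe" [2013-12-14 190464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Atewcoaktyiwny - c:\users\office room\AppData\Roaming\Fahiofeb\soxee.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# A value line: "name"="path" [yyyy-mm-dd size]   (the bracket part is optional)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$"
)
# An orphan line: Wow6432Node-HKLM-Run-<value name> - <path or "(no file)">
ORPHAN_RE = re.compile(
    r"^(?P<hive>(?:Wow6432Node-)?HK[A-Z]+)-Run-(?P<name>.+?) - (?P<path>.+)$"
)

# Locations an unprivileged user, and therefore anything running as that user,
# can write to. A Run value pointing here deserves a look; one under Program
# Files or System32 needs other evidence before it is called malicious.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    orphan: bool = False
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[AutorunEntry]:
    """Collect every Run/RunOnce value ComboFix printed, plus the orphans it removed."""
    entries: List[AutorunEntry] = []
    current_key = ""
    in_orphans = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        # Only values under a ...\Run or ...\RunOnce key are autoruns; values under
        # other keys (policies, winlogon, etc.) are printed in the same shape and skipped.
        if not in_orphans and current_key.lower().endswith(("\\run", "\\runonce")):
            m = VALUE_RE.match(line)
            if m:
                entries.append(AutorunEntry(current_key, m.group("name"), m.group("path")))
            continue
        m = ORPHAN_RE.match(line)
        if in_orphans and m:
            entries.append(AutorunEntry(m.group("hive") + "-Run", m.group("name"),
                                        m.group("path"), orphan=True))
    return entries


def triage(log_text: str) -> List[AutorunEntry]:
    """Return only the entries worth a second look, with the reasons attached."""
    flagged = []
    for entry in parse_entries(log_text):
        path = entry.path.lower()
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            entry.reasons.append("image lives in a user-writable profile directory")
        if entry.orphan and path != "(no file)":
            entry.reasons.append("listed by ComboFix under ORPHANS REMOVED")
        if entry.reasons:
            flagged.append(entry)
    return flagged


def report(log_text: str) -> str:
    """One line per flagged autorun: key\\name -> image  [reasons]."""
    return "\n".join(
        f"{e.key}\\{e.name} -> {e.path}  [{'; '.join(e.reasons)}]"
        for e in triage(log_text)
    )


if __name__ == "__main__":
    # Point this at a real C:\combofix.txt by replacing SAMPLE_LOG with open(path).read().
    print(report(SAMPLE_LOG))
```

Run against the sample, the report lists two entries: `GameServer507`, whose image sits in AppData\Roaming despite a name that suggests a game server, and the orphaned `Atewcoaktyiwny` value pointing into AppData\Roaming\Fahiofeb. Google's `swg` and iTunesHelper are left alone because they run from Program Files. The point of the script is to shorten the reading of a long log, not to replace the helper's review: a legitimate updater can also live under AppData, and the entries ComboFix prints under Program Files or System32 still need to be checked by publisher and hash.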

Here is the ComboFix file

 

ComboFix 13-12-13.01 - office room 12/15/2013  19:42:31.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.328 [GMT -5:00]
Running from: c:\users\office room\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\E70E.tmp
c:\programdata\Microsoft\Windows\DRM\E76F.tmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\SPL1985.tmp
c:\programdata\SPL1E90.tmp
c:\programdata\SPL2CBA.tmp
c:\programdata\SPL30CF.tmp
c:\programdata\SPL369.tmp
c:\programdata\SPL3E37.tmp
c:\programdata\SPL3EF0.tmp
c:\programdata\SPL4349.tmp
c:\programdata\SPL43D8.tmp
c:\programdata\SPL4B80.tmp
c:\programdata\SPL4DDA.tmp
c:\programdata\SPL512B.tmp
c:\programdata\SPL5179.tmp
c:\programdata\SPL5259.tmp
c:\programdata\SPL533D.tmp
c:\programdata\SPL54D3.tmp
c:\programdata\SPL5571.tmp
c:\programdata\SPL588.tmp
c:\programdata\SPL5D7A.tmp
c:\programdata\SPL61FC.tmp
c:\programdata\SPL6585.tmp
c:\programdata\SPL6621.tmp
c:\programdata\SPL73D3.tmp
c:\programdata\SPL7619.tmp
c:\programdata\SPL7665.tmp
c:\programdata\SPL7770.tmp
c:\programdata\SPL7BD5.tmp
c:\programdata\SPL7FC3.tmp
c:\programdata\SPL80F1.tmp
c:\programdata\SPL8538.tmp
c:\programdata\SPL8B7C.tmp
c:\programdata\SPL8C6.tmp
c:\programdata\SPL927E.tmp
c:\programdata\SPL928E.tmp
c:\programdata\SPL9349.tmp
c:\programdata\SPL9867.tmp
c:\programdata\SPL9B35.tmp
c:\programdata\SPL9BC1.tmp
c:\programdata\SPL9D38.tmp
c:\programdata\SPLA39E.tmp
c:\programdata\SPLAA52.tmp
c:\programdata\SPLACB2.tmp
c:\programdata\SPLAF51.tmp
c:\programdata\SPLAF61.tmp
c:\programdata\SPLB0B8.tmp
c:\programdata\SPLB0D7.tmp
c:\programdata\SPLB2F9.tmp
c:\programdata\SPLB441.tmp
c:\programdata\SPLB6C2.tmp
c:\programdata\SPLB846.tmp
c:\programdata\SPLBD93.tmp
c:\programdata\SPLBF7F.tmp
c:\programdata\SPLC23.tmp
c:\programdata\SPLC36D.tmp
c:\programdata\SPLC3EA.tmp
c:\programdata\SPLC503.tmp
c:\programdata\SPLC531.tmp
c:\programdata\SPLC705.tmp
c:\programdata\SPLC9A7.tmp
c:\programdata\SPLC9E3.tmp
c:\programdata\SPLCA8E.tmp
c:\programdata\SPLCBC6.tmp
c:\programdata\SPLCDE8.tmp
c:\programdata\SPLCE84.tmp
c:\programdata\SPLCED2.tmp
c:\programdata\SPLCEE2.tmp
c:\programdata\SPLCF5F.tmp
c:\programdata\SPLD152.tmp
c:\programdata\SPLD47D.tmp
c:\programdata\SPLD4CB.tmp
c:\programdata\SPLD529.tmp
c:\programdata\SPLD76A.tmp
c:\programdata\SPLDDB1.tmp
c:\programdata\SPLE10B.tmp
c:\programdata\SPLE149.tmp
c:\programdata\SPLE31D.tmp
c:\programdata\SPLE362.tmp
c:\programdata\SPLE43D.tmp
c:\programdata\SPLE474.tmp
c:\programdata\SPLE520.tmp
c:\programdata\SPLE629.tmp
c:\programdata\SPLE83B.tmp
c:\programdata\SPLE983.tmp
c:\programdata\SPLF048.tmp
c:\programdata\SPLF1C.tmp
c:\programdata\SPLF324.tmp
c:\programdata\SPLF47B.tmp
c:\programdata\SPLF8DE.tmp
c:\programdata\SPLF90D.tmp
c:\programdata\SPLF97A.tmp
c:\programdata\SPLF9C8.tmp
c:\programdata\SPLFF25.tmp
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\51cca02b5335c2.82128793.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\background.html
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\content.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\lsdb.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\manifest.json
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\newtab.html
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\sqlite.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\51cc9ff335abf3.36743653.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\background.html
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\content.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\lsdb.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\manifest.json
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\sqlite.js
c:\users\office room\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\office room\AppData\Roaming\Beyxegoc\uvosaf.exe
c:\users\office room\AppData\Roaming\Eqfucak\iribur.exe
c:\users\office room\AppData\Roaming\Fahiofeb\soxee.exe
c:\users\office room\AppData\Roaming\Okcuaxup\kyezteu.exe
c:\users\office room\AppData\Roaming\Ucguupuq\ecgiho.exe
c:\users\office room\AppData\Roaming\Ulziva
c:\users\office room\AppData\Roaming\Ulziva\kuygwa.exe
c:\users\office room\AppData\Roaming\Undiak\aziboqo.exe
c:\users\office room\Documents\~WRL0001.tmp
c:\users\office room\Documents\~WRL0962.tmp
c:\users\office room\Documents\~WRL1005.tmp
c:\users\office room\Documents\~WRL2719.tmp
c:\users\office room\Documents\~WRL3079.tmp
c:\windows\SysWow64\X86
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer2068532601
-------\Service_SecurityCenterServer2274353859
-------\Service_SecurityCenterServer2845203103
-------\Service_SecurityCenterServer3175889662
-------\Service_SecurityCenterServer3318559364
-------\Service_SecurityCenterServer3352197080
-------\Service_SecurityCenterServer4084582239
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))
.
.
2013-12-16 02:35 . 2013-12-16 02:35 745975 ----a-w- c:\programdata\SPL8610.tmp
2013-12-16 00:56 . 2013-12-16 00:56 -------- d-----w- c:\users\Jecky\AppData\Local\temp
2013-12-16 00:56 . 2013-12-16 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-16 00:55 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Ulziva
2013-12-15 08:53 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1276EA44-A1EF-4B3C-9194-686143586A6B}\mpengine.dll
2013-12-15 08:16 . 2013-11-26 06:33 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-15 08:16 . 2013-11-26 07:07 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-12-15 08:16 . 2013-11-26 06:40 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-12-15 08:16 . 2013-11-26 07:32 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-12-15 08:16 . 2013-11-26 08:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-15 08:16 . 2013-11-26 07:48 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-12-15 08:16 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-15 08:16 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-12-14 21:50 . 2013-09-04 00:06 217215 ----a-w- c:\windows\SysWow64\uhcuercu.exe
2013-12-14 21:50 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Eqfucak
2013-12-14 21:50 . 2012-06-08 21:51 217215 ----a-w- c:\windows\SysWow64\adqebu.exe
2013-12-14 21:49 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Okcuaxup
2013-12-14 21:49 . 2011-04-15 01:57 217215 ----a-w- c:\windows\SysWow64\naezybivy.exe
2013-12-14 21:49 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Ucguupuq
2013-12-14 21:48 . 2013-06-20 01:44 217215 ----a-w- c:\windows\SysWow64\cegyora.exe
2013-12-14 21:47 . 2013-07-29 12:14 217215 ----a-w- c:\windows\SysWow64\owunufi.exe
2013-12-14 21:47 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Beyxegoc
2013-12-14 21:46 . 2012-01-29 08:10 217215 ----a-w- c:\windows\SysWow64\ohasnesygy.exe
2013-12-14 21:46 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Undiak
2013-12-14 21:45 . 2011-02-26 12:53 217215 ----a-w- c:\windows\SysWow64\uzyqpio.exe
2013-12-14 21:45 . 2013-12-16 02:37 -------- d-----w- c:\users\office room\AppData\Roaming\Fahiofeb
2013-12-14 08:08 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-13 23:39 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-11 09:08 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 09:08 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 09:08 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 09:08 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 09:07 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 06:17 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 06:17 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-11 06:10 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 06:10 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-11 06:10 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 06:05 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 06:05 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 06:05 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 06:05 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-11 06:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 06:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 06:03 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 06:03 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-11 06:03 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 06:03 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 06:03 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 06:03 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 06:03 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-11 06:03 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-10 21:35 . 2013-12-10 21:35 -------- d-----w- c:\users\office room\AppData\Roaming\TeamViewer
2013-12-10 21:33 . 2013-12-10 21:33 -------- d-----w- c:\program files (x86)\TeamViewer
2013-12-06 17:24 . 2013-10-18 21:52 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADB17DB0-AC46-4351-A96C-EC1C4B5BBE30}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 08:02 . 2011-01-26 08:06 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-19 10:21 . 2011-03-04 00:22 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-18 21:52 . 2011-03-26 01:08 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-13 17:46 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 17:46 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 17:46 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 17:46 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 17:46 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 17:47 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 17:47 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 17:46 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 17:46 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 17:46 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 17:46 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 17:46 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 17:46 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 17:46 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 17:46 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 17:47 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53 . 2010-10-25 02:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 17:46 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 17:46 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 17:46 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 17:46 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 17:46 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 17:46 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 17:46 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 17:46 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 17:46 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 17:46 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 17:46 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 17:46 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 17:46 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP6366"="c:\program files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-20 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"UCam_Menu"="c:\program files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2010-08-09 316072]
"HostManager"="c:\program files (x86)\Common Files\AOL\1295621973\ee\AOLSoftware.exe" [2010-03-08 41800]
"iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2010-12-09 1418480]
"ReminderApp"="c:\program files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe" [2010-07-09 144672]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"GameServer507"="c:\users\office room\AppData\Roaming\HpUpdate\WIND83C.exe" [2013-12-14 190464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\office room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3229SG1J05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 21:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli FAPassSync
.
R1 SASDIFSV;SASDIFSV;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]
R2 LMIRescue_2b0fae27-1f7a-4031-9300-1d3060daaeb6;LogMeIn Rescue (2b0fae27-1f7a-4031-9300-1d3060daaeb6);c:\users\OFFICE~1\AppData\Local\Temp\LMI2108.tmp\LMI_Rescue_srv.exe;c:\users\OFFICE~1\AppData\Local\Temp\LMI2108.tmp\LMI_Rescue_srv.exe [x]
R2 LMIRescue_e39441dd-8cb8-40d6-80fc-8bcd42a63770;LogMeIn Rescue (e39441dd-8cb8-40d6-80fc-8bcd42a63770);c:\users\OFFICE~1\AppData\Local\Temp\LMI8A07.tmp\LMI_Rescue_srv.exe;c:\users\OFFICE~1\AppData\Local\Temp\LMI8A07.tmp\LMI_Rescue_srv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DellOSDservice;DellOSDservice;c:\program files\Dell\OSD\DellOSDservice.exe;c:\program files\Dell\OSD\DellOSDservice.exe [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 iYogiURLHit.exe;iYogi Hit Agent;c:\program files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe;c:\program files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SupportDockClientService.exe;iYogi Communication Agent;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys;c:\windows\SYSNATIVE\DRIVERS\nuviocir_win7_x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 15:27]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 17:05]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-09-29 4723976]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Atewcoaktyiwny - c:\users\office room\AppData\Roaming\Fahiofeb\soxee.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Atewcoaktyiwny - c:\users\office room\AppData\Roaming\Fahiofeb\soxee.exe
Wow6432Node-HKLM-Run-Heovkekezu - c:\users\office room\AppData\Roaming\Undiak\aziboqo.exe
Wow6432Node-HKLM-Run-Abizfimi - c:\users\office room\AppData\Roaming\Beyxegoc\uvosaf.exe
Wow6432Node-HKLM-Run-Zyekzagi - c:\users\office room\AppData\Roaming\Ulziva\kuygwa.exe
Wow6432Node-HKLM-Run-Ahesicik - c:\users\office room\AppData\Roaming\Ucguupuq\ecgiho.exe
Wow6432Node-HKLM-Run-Iromuca - c:\users\office room\AppData\Roaming\Okcuaxup\kyezteu.exe
Wow6432Node-HKLM-Run-Udaqubvuole - c:\users\office room\AppData\Roaming\Eqfucak\iribur.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\teamviewer\version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-15  21:44:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-16 02:44
.
Pre-Run: 356,399,955,968 bytes free
Post-Run: 356,146,966,528 bytes free
.
- - End Of File - - CDB12AF14CC37698CC5AFDAF7E7E00A6
5C616939100B85E558DA92B899A0FC36

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\SysWow64\uhcuercu.exe
c:\windows\SysWow64\adqebu.exe
c:\windows\SysWow64\naezybivy.exe
c:\windows\SysWow64\cegyora.exe
c:\windows\SysWow64\owunufi.exe
c:\windows\SysWow64\ohasnesygy.exe
c:\windows\SysWow64\uzyqpio.exe
Folder::
c:\users\office room\AppData\Roaming\Ulziva
c:\users\office room\AppData\Roaming\Eqfucak
c:\users\office room\AppData\Roaming\Okcuaxup
c:\users\office room\AppData\Roaming\Ucguupuq
c:\users\office room\AppData\Roaming\Beyxegoc
c:\users\office room\AppData\Roaming\Undiak
c:\users\office room\AppData\Roaming\Fahiofeb
JavaClearCache::
KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe

(picture: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-12-13.01 - office room 12/16/2013   7:33.2.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2346 [GMT -5:00]

Running from: c:\users\office room\Desktop\ComboFix.exe

Command switches used :: c:\users\office room\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\adqebu.exe"

"c:\windows\SysWow64\cegyora.exe"

"c:\windows\SysWow64\naezybivy.exe"

"c:\windows\SysWow64\ohasnesygy.exe"

"c:\windows\SysWow64\owunufi.exe"

"c:\windows\SysWow64\uhcuercu.exe"

"c:\windows\SysWow64\uzyqpio.exe"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\office room\AppData\Roaming\Beyxegoc

c:\users\office room\AppData\Roaming\Eqfucak

c:\users\office room\AppData\Roaming\Fahiofeb

c:\users\office room\AppData\Roaming\Okcuaxup

c:\users\office room\AppData\Roaming\Ucguupuq

c:\users\office room\AppData\Roaming\Ulziva

c:\users\office room\AppData\Roaming\Undiak

.

.

(((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))

.

.

2013-12-16 12:43 . 2013-12-16 12:43 -------- d-----w- c:\users\Jecky\AppData\Local\temp

2013-12-16 12:43 . 2013-12-16 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-16 02:35 . 2013-12-16 02:35 745975 ----a-w- c:\programdata\SPL8610.tmp

2013-12-15 08:53 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1276EA44-A1EF-4B3C-9194-686143586A6B}\mpengine.dll

2013-12-15 08:16 . 2013-11-26 06:33 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2013-12-15 08:16 . 2013-11-26 07:07 2334208 ----a-w- c:\windows\system32\wininet.dll

2013-12-15 08:16 . 2013-11-26 06:40 1395200 ----a-w- c:\windows\system32\urlmon.dll

2013-12-15 08:16 . 2013-11-26 07:32 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-12-15 08:16 . 2013-11-26 08:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

2013-12-15 08:16 . 2013-11-26 07:48 12996608 ----a-w- c:\windows\system32\ieframe.dll

2013-12-15 08:16 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-12-15 08:16 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll

2013-12-14 21:50 . 2013-09-04 00:06 217215 ----a-w- c:\windows\SysWow64\uhcuercu.exe

2013-12-14 21:50 . 2012-06-08 21:51 217215 ----a-w- c:\windows\SysWow64\adqebu.exe

2013-12-14 21:49 . 2011-04-15 01:57 217215 ----a-w- c:\windows\SysWow64\naezybivy.exe

2013-12-14 21:48 . 2013-06-20 01:44 217215 ----a-w- c:\windows\SysWow64\cegyora.exe

2013-12-14 21:47 . 2013-07-29 12:14 217215 ----a-w- c:\windows\SysWow64\owunufi.exe

2013-12-14 21:46 . 2012-01-29 08:10 217215 ----a-w- c:\windows\SysWow64\ohasnesygy.exe

2013-12-14 21:45 . 2011-02-26 12:53 217215 ----a-w- c:\windows\SysWow64\uzyqpio.exe

2013-12-14 08:08 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-13 23:39 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-11 09:08 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-11 09:08 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-11 09:08 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-11 09:08 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-11 09:07 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-11 06:17 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-11 06:17 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-11 06:10 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-11 06:10 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-11 06:10 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 06:05 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-11 06:05 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-11 06:05 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-11 06:05 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-11 06:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 06:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 06:03 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 06:03 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-11 06:03 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 06:03 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 06:03 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-11 06:03 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 06:03 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-11 06:03 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

2013-12-10 21:35 . 2013-12-10 21:35 -------- d-----w- c:\users\office room\AppData\Roaming\TeamViewer

2013-12-10 21:33 . 2013-12-10 21:33 -------- d-----w- c:\program files (x86)\TeamViewer

2013-12-06 17:24 . 2013-10-18 21:52 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADB17DB0-AC46-4351-A96C-EC1C4B5BBE30}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-15 08:02 . 2011-01-26 08:06 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-11-19 10:21 . 2011-03-04 00:22 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-18 21:52 . 2011-03-26 01:08 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-10-12 02:30 . 2013-11-13 17:46 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-13 17:46 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-13 17:46 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-13 17:46 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-13 17:46 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25 . 2013-11-13 17:47 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-13 17:47 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-13 17:46 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-13 17:46 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-13 17:46 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-13 17:46 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-13 17:46 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-13 17:46 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-13 17:46 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-13 17:46 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-28 01:09 . 2013-11-13 17:47 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-09-27 14:53 . 2010-10-25 02:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-09-25 02:26 . 2013-11-13 17:46 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 02:26 . 2013-11-13 17:46 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:23 . 2013-11-13 17:46 135680 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 02:23 . 2013-11-13 17:46 28672 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-25 02:23 . 2013-11-13 17:46 28160 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 02:22 . 2013-11-13 17:46 340992 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 02:21 . 2013-11-13 17:46 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 02:21 . 2013-11-13 17:46 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 01:58 . 2013-11-13 17:46 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-09-25 01:57 . 2013-11-13 17:46 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-09-25 01:57 . 2013-11-13 17:46 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-09-25 01:56 . 2013-11-13 17:46 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03 . 2013-11-13 17:46 30720 ----a-w- c:\windows\system32\lsass.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408]

"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP6366"="c:\program files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe" [2009-07-17 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-20 98304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"UCam_Menu"="c:\program files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2010-08-09 316072]

"HostManager"="c:\program files (x86)\Common Files\AOL\1295621973\ee\AOLSoftware.exe" [2010-03-08 41800]

"iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2010-12-09 1418480]

"ReminderApp"="c:\program files (x86)\Nova Development\Scrapbook Factory Deluxe 5.0\ReminderApp.exe" [2010-07-09 144672]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]

"GameServer507"="c:\users\office room\AppData\Roaming\HpUpdate\WIND83C.exe" [2013-12-14 190464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]

.

c:\users\office room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3229SG1J05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-02-22 21:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ   scecli FAPassSync

.

R1 SASDIFSV;SASDIFSV;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\OFFICE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]

R2 LMIRescue_2b0fae27-1f7a-4031-9300-1d3060daaeb6;LogMeIn Rescue (2b0fae27-1f7a-4031-9300-1d3060daaeb6);c:\users\OFFICE~1\AppData\Local\Temp\LMI2108.tmp\LMI_Rescue_srv.exe;c:\users\OFFICE~1\AppData\Local\Temp\LMI2108.tmp\LMI_Rescue_srv.exe [x]

R2 LMIRescue_e39441dd-8cb8-40d6-80fc-8bcd42a63770;LogMeIn Rescue (e39441dd-8cb8-40d6-80fc-8bcd42a63770);c:\users\OFFICE~1\AppData\Local\Temp\LMI8A07.tmp\LMI_Rescue_srv.exe;c:\users\OFFICE~1\AppData\Local\Temp\LMI8A07.tmp\LMI_Rescue_srv.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DellOSDservice;DellOSDservice;c:\program files\Dell\OSD\DellOSDservice.exe;c:\program files\Dell\OSD\DellOSDservice.exe [x]

S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]

S2 iYogiURLHit.exe;iYogi Hit Agent;c:\program files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe;c:\program files (x86)\iYogi Support Dock\Services\URLHit\iYogiURLHit.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 SupportDockClientService.exe;iYogi Communication Agent;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockClientService.exe [x]

S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys;c:\windows\SYSNATIVE\DRIVERS\nuviocir_win7_x64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 15:27]

.

2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 17:05]

.

2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 17:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-09-29 4723976]

"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]

"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-12-16  07:46:01

ComboFix-quarantined-files.txt  2013-12-16 12:46

ComboFix2.txt  2013-12-16 02:44

.

Pre-Run: 356,324,999,168 bytes free

Post-Run: 356,258,074,624 bytes free

.

- - End Of File - - 47D36EC2201FB65F63156A48E9B39C1B

5C616939100B85E558DA92B899A0FC36
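As an added triage example (not code from this thread, from ComboFix or from Malwarebytes), the Python script below parses ComboFix-style "Files Created" and Run-key lines excerpted from the log above and flags the two patterns the helper acted on: a cluster of identically sized executables dropped into SysWow64 within a few minutes of each other, and an autorun value pointing under AppData\Roaming. The regular expressions, thresholds and the backdated-mtime check are assumptions tuned to this log's format, not ComboFix features.

```python
r"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Flags two patterns visible in the thread's logs:
  1. several .exe files of identical byte size created within minutes of each
     other in one directory (here c:\windows\SysWow64) under random names;
  2. Run-key autorun values whose target lives under AppData\Roaming.
"""
import re
from collections import defaultdict
from datetime import datetime

# ComboFix "Files Created" entry:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# ComboFix "Reg Loading Points" value:  "Name"="c:\path\file.exe" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')

# Sample lines excerpted from the ComboFix log in this thread; legitimate
# Windows Update files are mixed in so the checks have to discriminate.
SAMPLE_LOG = r"""
2013-12-16 12:43 . 2013-12-16 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-15 08:16 . 2013-11-26 06:33 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-15 08:16 . 2013-11-26 07:07 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-12-14 21:50 . 2013-09-04 00:06 217215 ----a-w- c:\windows\SysWow64\uhcuercu.exe
2013-12-14 21:50 . 2012-06-08 21:51 217215 ----a-w- c:\windows\SysWow64\adqebu.exe
2013-12-14 21:49 . 2011-04-15 01:57 217215 ----a-w- c:\windows\SysWow64\naezybivy.exe
2013-12-14 21:45 . 2011-02-26 12:53 217215 ----a-w- c:\windows\SysWow64\uzyqpio.exe
2013-12-14 08:08 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-11 06:03 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 06:03 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"GameServer507"="c:\users\office room\AppData\Roaming\HpUpdate\WIND83C.exe" [2013-12-14 190464]
"""


def parse_files(lines):
    """Return (created, modified, size, path) for each file entry; directories skipped."""
    entries = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m or not m["size"].isdigit():
            continue
        entries.append((
            datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            int(m["size"]),
            m["path"],
        ))
    return entries


def size_clusters(entries, min_members=3, window_minutes=15):
    """Group .exe files by (directory, size); return {(dir, size): [paths]} for
    groups of at least min_members created within window_minutes.  A dropper
    writing N copies of one payload under different names looks exactly like
    this, while ordinary update files differ in size."""
    groups = defaultdict(list)
    for created, _modified, size, path in entries:
        if not path.lower().endswith(".exe"):
            continue
        directory = path.lower().rsplit("\\", 1)[0]
        groups[(directory, size)].append((created, path))
    flagged = {}
    for key, members in groups.items():
        if len(members) < min_members:
            continue
        times = [created for created, _ in members]
        if (max(times) - min(times)).total_seconds() <= window_minutes * 60:
            flagged[key] = sorted(path for _, path in members)
    return flagged


def backdated(entries, days=365):
    """Paths whose modification time predates creation by more than `days`.
    Secondary signal only: update packages also carry build-time mtimes that
    precede their install time, so the threshold is deliberately coarse."""
    return sorted(path for created, modified, _size, path in entries
                  if (created - modified).days > days)


def roaming_autoruns(lines):
    """Return (name, target) for Run-key values targeting AppData\\Roaming."""
    hits = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m and "\\appdata\\roaming\\" in m["target"].lower():
            hits.append((m["name"], m["target"]))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    entries = parse_files(lines)
    for (directory, size), paths in size_clusters(entries).items():
        print(f"{len(paths)} files of {size} bytes in {directory}:")
        for path in paths:
            print("   ", path)
    print("backdated mtimes:", backdated(entries))
    print("autoruns under AppData\\Roaming:", roaming_autoruns(lines))
```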

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.16.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

office room :: OFFICEROOM-PC [administrator]

 

Protection: Enabled

 

12/16/2013 8:50:12 AM

mbam-log-2013-12-16 (08-50-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 286066

Time elapsed: 14 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GameServer507 (Trojan.Agent.TMSGen) -> Data: "C:\Users\office room\AppData\Roaming\HpUpdate\WIND83C.exe" -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 9

C:\Windows\System32\adqebu.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Windows\System32\cegyora.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Windows\System32\naezybivy.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Windows\System32\ohasnesygy.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Windows\System32\owunufi.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Windows\System32\uhcuercu.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Windows\System32\uzyqpio.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

C:\Users\office room\AppData\Local\Temp\sbfybtb\sucwdev\wow.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\office room\AppData\Roaming\HpUpdate\WIND83C.exe (Trojan.Agent.TMSGen) -> Quarantined and deleted successfully.

 

(end)

 

It did ask me to reboot and I did

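The MBAM log posted above, parsed as an added example that is not part of the thread: a small Python parser for the MBAM 1.x report format that groups hits by detection family and pairs the Run-key persistence entry with the file it launched. The sample lines are a constructed subset of the posted log.

```python
import re
from collections import Counter

# Section header, e.g. "Files Detected: 9"; item line, e.g.
# "C:\...\x.exe (Trojan.Zbot) -> Quarantined and deleted successfully."
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GameServer507 (Trojan.Agent.TMSGen) -> Data: "C:\Users\office room\AppData\Roaming\HpUpdate\WIND83C.exe" -> Quarantined and deleted successfully.
Files Detected: 3
C:\Windows\System32\adqebu.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\System32\cegyora.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\office room\AppData\Roaming\HpUpdate\WIND83C.exe (Trojan.Agent.TMSGen) -> Quarantined and deleted successfully.
(end)
"""

def parse_mbam_log(text):
    """One dict per detection: section, item, family, action and, for Run keys, the launched path."""
    detections, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if not (m and section):
            continue  # blanks, "(No malicious items detected)", "(end)"
        rest, data = m.group("rest"), None
        if rest.startswith("Data: "):
            # Registry value lines carry the value data before the action.
            quoted, _, rest = rest[len("Data: "):].rpartition(" -> ")
            data = quoted.strip('"')
        detections.append({"section": section, "item": m.group("item"),
                           "family": m.group("family"), "action": rest, "data": data})
    return detections

def family_counts(detections):
    """Hits per detection family, e.g. Counter({"Trojan.Zbot": 2, ...})."""
    return Counter(d["family"] for d in detections)

def persistence_links(detections):
    """Pair each Run-key value with the family of the file it launched, if that file was detected too."""
    files = {d["item"].lower(): d["family"] for d in detections if d["section"] == "Files"}
    return [(d["item"], files.get((d["data"] or "").lower()))
            for d in detections if d["section"] == "Registry Values"]
```

Run-key entries whose target was not also detected come back paired with `None`, which is the case worth a second look after a scan.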

Thanks!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\EasyLife\uninstall.exe Win32/SProtector.B application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoemcnkbchhgfelppelkkgaidhdkkbm\1\51cca02b5335c2.82128793.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilbhjfflimhiejonplchciacbpimmik\1\51cc9ff335abf3.36743653.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Beyxegoc\uvosaf.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Eqfucak\iribur.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Fahiofeb\soxee.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Okcuaxup\kyezteu.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Ucguupuq\ecgiho.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Ulziva\kuygwa.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\office room\AppData\Roaming\Undiak\aziboqo.exe.vir a variant of Win32/Kryptik.BREH trojan cleaned by deleting - quarantined

C:\Users\office room\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\22fb1b02-44068f21 a variant of Java/Exploit.Agent.PTZ trojan cleaned by deleting - quarantined

C:\Users\office room\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\616cb975-46b33bf5 Java/Exploit.Agent.PQY trojan cleaned by deleting - quarantined

Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa
Step 2

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
