Jump to content

Recommended Posts

Hi,

 

I hope I have followed the instructions on the following page:-

 

https://forums.malwarebytes.org/index.php?showtopic=9573

 

Please let me know if I have not. Many Thanks for your assistance in advance.

 

Please see below the contents of the two logs from DDS:-

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by James at 13:41:59 on 2013-12-27
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.7894.5016 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files (x86)\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
C:\windows\syswow64\wwahost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\syswow64\wwahost.exe
C:\windows\syswow64\wwahost.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\taskeng.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [searchProtection] "C:\Users\James\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{221D220A-C7E4-4252-8A98-621D244BC837} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{221D220A-C7E4-4252-8A98-621D244BC837}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{221D220A-C7E4-4252-8A98-621D244BC837}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{221D220A-C7E4-4252-8A98-621D244BC837}\244584F6D65684572623D245251515 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{221D220A-C7E4-4252-8A98-621D244BC837}\244584F6D65684572623D27434E4A5 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{221D220A-C7E4-4252-8A98-621D244BC837}\244584F6D65684572623D283233433 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{23D3303B-DE53-411E-B103-F4C14FD6023A} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [samsung Link] C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe
x64-Run: [Hercules DJ Series TrayAgent] C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\windows\System32\Drivers\avc3.sys [2013-8-1 727592]
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\Drivers\excsd.sys [2012-8-23 103248]
R0 gzflt;gzflt;C:\windows\System32\Drivers\gzflt.sys [2013-12-1 150256]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-8-23 645952]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2012-10-8 30056]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-12-1 98768]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-12-1 107008]
R1 BDVEDISK;BDVEDISK;C:\windows\System32\Drivers\bdvedisk.sys [2013-12-1 79192]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-8-23 92536]
R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\Drivers\excfs.sys [2012-8-23 23376]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\Drivers\psd.sys [2012-2-3 44576]
R1 RsFx0201;RsFx0201 Driver;C:\windows\System32\Drivers\RsFx0201.sys [2012-10-19 336880]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe [2013-4-16 405896]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-5-21 772064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-23 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-8-23 1112000]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-8-26 1593976]
R2 ExpressCache;ExpressCache;C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2012-8-17 102224]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2013-7-21 47104]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-23 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-23 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-27 701512]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-3-28 95184]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe [2013-4-25 605768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-23 364416]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-8-27 67320]
R3 acpials;ALS Sensor Filter;C:\windows\System32\Drivers\acpials.sys [2012-7-26 9728]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2013-5-21 165344]
R3 avchv;avchv Function Driver;C:\windows\System32\Drivers\avchv.sys [2013-3-28 261056]
R3 avckf;avckf;C:\windows\System32\Drivers\avckf.sys [2013-8-1 601360]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-8-14 313712]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-17 342528]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-12-27 25928]
R3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-8-5 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-8-23 683664]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2013-5-21 165344]
S3 BDSandBox;BDSandBox;C:\windows\System32\Drivers\bdsandbox.sys [2013-12-1 82824]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-23 110592]
S3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-23 825344]
S3 Bulk;HDJBulk;C:\windows\System32\Drivers\HDJBulk.sys [2013-7-21 258352]
S3 cxbu0x64;OMNIKEY 3x21;C:\windows\System32\Drivers\cxbu0x64.sys [2013-3-22 143360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 HDJAsioK;HDJAsioK;C:\windows\System32\Drivers\HDJAsioK.sys [2013-7-21 320816]
S3 HDJMidi;Hercules DJ Console MIDI;C:\windows\System32\Drivers\HDJMidi.sys [2013-7-21 274736]
S3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-23 55848]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-12-1 69392]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-12-27 12:59:22 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2013-12-27 12:58:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-27 12:58:24 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-12-27 12:58:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-27 12:57:43 -------- d-----w- C:\Users\James\AppData\Local\Programs
2013-12-26 01:06:30 -------- d-----w- C:\FRST
2013-12-26 00:51:23 -------- d-----w- C:\AdwCleaner
2013-12-24 15:35:51 -------- d-----w- C:\Program Files (x86)\ZooskMessenger
2013-12-15 13:25:47 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 13:25:47 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-14 06:21:00 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 06:20:57 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-11 22:16:56 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-12-11 22:16:54 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-12-11 22:16:53 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-12-11 22:16:53 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-11 22:16:53 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-11 22:16:53 245248 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-12-11 22:16:01 62976 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-11 22:16:01 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-12-11 22:16:00 4036608 ----a-w- C:\windows\System32\win32k.sys
2013-12-11 22:14:53 312320 ----a-w- C:\windows\System32\msieftp.dll
2013-12-11 22:14:53 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-12-01 18:19:50 74512 ----a-w- C:\windows\SysWow64\bdsandboxuiskin32.dll
2013-12-01 18:02:40 82824 ----a-w- C:\windows\System32\drivers\bdsandbox.sys
2013-12-01 18:02:35 74512 ----a-w- C:\windows\System32\bdsandboxuiskin32.dll
2013-12-01 18:02:35 389240 ----a-w- C:\windows\System32\drivers\trufos.sys
2013-12-01 18:02:22 150256 ----a-w- C:\windows\System32\drivers\gzflt.sys
2013-12-01 18:02:10 84848 ----a-w- C:\windows\System32\bdsandboxuiskin.dll
2013-12-01 18:02:08 34384 ----a-w- C:\windows\System32\bdsandboxuh.dll
2013-12-01 18:02:00 79192 ----a-w- C:\windows\System32\drivers\bdvedisk.sys
.
==================== Find3M  ====================
.
2013-11-23 06:43:58 420864 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-10-08 22:12:50 2193136 ----a-w- C:\windows\System32\Netwuw01.dll
2013-10-08 22:12:46 3345376 ----a-w- C:\windows\System32\drivers\NETwew00.sys
2013-10-08 06:50:37 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 06:10:20 285016 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-10-02 23:25:41 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-10-02 02:50:07 447320 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\windows\System32\authui.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 13:42:30.84 ===============
 
 
.........and attach.txt
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 22/03/2013 17:02:52
System Uptime: 26/12/2013 00:54:40 (37 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | NP700Z5C-S03UK
Processor: Intel® Core i7-3635QM CPU @ 2.40GHz | CPU Socket - U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 907 GiB total, 573.386 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Device ID: USB\VID_8087&PID_07DA\6&107CF39B&0&5
Manufacturer: Intel Corporation
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
PNP Device ID: USB\VID_8087&PID_07DA\6&107CF39B&0&5
Service: BTHUSB
.
==== System Restore Points ===================
.
RP42: 07/12/2013 16:35:14 - Intel® PROSet/Wireless Software
RP43: 11/12/2013 22:59:51 - Windows Update
RP44: 15/12/2013 13:12:22 - Windows Update
RP45: 18/12/2013 22:23:21 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
AllShare Framework DMS
Allshare Play Link
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Baldur's Gate: Enhanced Edition
BBC iPlayer Downloads
Bitdefender Total Security 2013
Bonjour
Citrix XenApp Web Plugin
CyberLink Power2Go 8
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
E-POP
Easy File Share
ETDWare PS/2-X64 11.7.2.1_WHQL
EVE Online (remove only)
ExpressCache
Football Manager 2014
Fotogalerie
Galerie de photos
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit)
Google Chrome
Google Update Helper
Help Desk
Hercules DJ Products Series drivers
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Infineon TPM Professional Package
Intel AppUp(SM) center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® PRO/Wireless Driver
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 45
Java Auto Updater
K-Lite Codec Pack 8.4.0 (Basic)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Classic - Home Cinema 1.6.1.4235
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer 2012 Runtime
Microsoft Silverlight
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server 2012 (64-bit)
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 Policies 
Microsoft SQL Server 2012 RsFx Driver
Microsoft SQL Server 2012 Setup (English)
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server System CLR Types
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft VSS Writer for SQL Server 2012
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
Photo Common
Photo Gallery
Raccolta foto
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recovery
S Agent
Samsung Link 1.5.0.1304231405
Search Protection
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Settings
SQL Server 2012 Client Tools
SQL Server 2012 Common Files
SQL Server 2012 Database Engine Services
SQL Server 2012 Database Engine Shared
SQL Server 2012 Management Studio
SQL Server Browser for SQL Server 2012
Sql Server Customer Experience Improvement Program
Steam
Support Center
Support Center FAQ
SW Update
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
User Guide
VirtualDJ PRO Full
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xerox PhotoCafe
Zoosk Messenger
.
==== Event Viewer Messages From Past Week ========
.
26/12/2013 00:58:32, Error: Service Control Manager [7034]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
26/12/2013 00:18:24, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ExpressCache service.
24/12/2013 14:59:54, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.
24/12/2013 14:59:54, Error: Service Control Manager [7000]  - The System Events Broker service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
24/12/2013 14:59:07, Error: Service Control Manager [7022]  - The Internet Connection Sharing (ICS) service hung on starting.
.
==== End Of File ===========================
 

 

 

 

Many Thanks once again in advance of your assistance.

 

JMW

Link to post
Share on other sites

  • Root Admin

Sorry for the delay but the Holidays is often a hectic busy time.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

  • 3 weeks later...

Hi,

 

Please see below the Combofix Log text.  Hope this enables you to help me get rid of this unwanted malware.

 

Many Thanks

James

 

ComboFix 14-01-22.01 - James 22/01/2014  18:46:53.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.7894.6139 [GMT 0:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe
c:\programdata\1364494680.bdinstall.bin
c:\programdata\Roaming
c:\users\James\AppData\Local\assembly\tmp
c:\users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A3B0962-A9FF-4320-B769-091071621ADD}.xps
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))
.
.
2014-01-18 12:28 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll
2014-01-18 12:28 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll
2014-01-18 12:28 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-01-18 12:28 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-01-18 12:28 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll
2014-01-18 12:28 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys
2014-01-18 12:28 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll
2014-01-18 12:28 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll
2014-01-18 12:27 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2014-01-18 12:27 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll
2014-01-18 12:27 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-01-18 12:27 . 2014-01-09 08:02 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 12:27 . 2014-01-09 08:02 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-18 12:27 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll
2014-01-18 12:27 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 12:27 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-01-18 12:27 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-27 12:59 . 2013-12-27 12:59 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2013-12-27 12:58 . 2013-12-27 12:58 -------- d-----w- c:\programdata\Malwarebytes
2013-12-27 12:58 . 2013-12-27 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-27 12:58 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-27 12:57 . 2013-12-27 12:57 -------- d-----w- c:\users\James\AppData\Local\Programs
2013-12-26 01:06 . 2013-12-26 01:06 -------- d-----w- C:\FRST
2013-12-26 00:51 . 2013-12-26 01:05 -------- d-----w- C:\AdwCleaner
2013-12-24 15:35 . 2014-01-22 18:56 -------- d-----w- c:\program files (x86)\ZooskMessenger
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 12:27 . 2013-03-22 18:52 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-01 18:02 . 2013-12-01 18:02 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-12-01 18:02 . 2013-12-01 18:19 74512 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2013-12-01 18:02 . 2013-12-01 18:02 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2013-12-01 18:02 . 2013-12-01 18:02 389240 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-12-01 18:02 . 2013-12-01 18:02 150256 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-12-01 18:02 . 2013-12-01 18:02 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2013-12-01 18:02 . 2013-12-01 18:02 34384 ----a-w- c:\windows\system32\bdsandboxuh.dll
2013-12-01 18:02 . 2013-12-01 18:02 79192 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-11-23 06:43 . 2013-12-11 22:15 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-11 22:15 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-06 23:18 . 2013-12-11 22:16 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-11-01 05:38 . 2013-12-11 22:14 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-11-01 03:49 . 2013-12-11 22:14 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-25 06:19 . 2013-12-11 22:16 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-11 22:17 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-11 22:16 915968 ----a-w- c:\windows\system32\uxtheme.dll
2013-10-25 06:19 . 2013-12-11 22:17 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-11 22:17 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-11 22:17 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-11 22:17 855552 ----a-w- c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-11 22:17 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-11 22:17 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-11 22:17 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-11 22:17 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-11 22:16 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2013-3-9 30798512]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 Bulk;HDJBulk;c:\windows\System32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\System32\Drivers\HDJAsioK.sys;c:\windows\SYSNATIVE\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 SBIOSIO;SBIOSIO;c:\windiag\SBIOSIO64.SYS;c:\windiag\SBIOSIO64.SYS [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys;c:\windows\SYSNATIVE\drivers\psd.sys [x]
S1 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Condusiv Technologies\ExpressCache\ExpressCache.exe;c:\program files\Condusiv Technologies\ExpressCache\ExpressCache.exe [x]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link Service.exe;c:\program files\Samsung\Samsung Link\Samsung Link Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-18 12:42 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-28 22:30]
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 15:10]
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 15:10]
.
2014-01-22 c:\windows\Tasks\Xerox PhotoCafe Communicator.job
- c:\programdata\Xerox PhotoCafe\MessageCheck.exe [2011-10-26 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-03-28 18:40 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-03-28 18:40 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-03-28 18:40 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-03-28 18:40 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-08-08 11554688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-16 440640]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-12-01 1571072]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"Samsung Link"="c:\program files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe" [2013-04-23 407384]
"Hercules DJ Series TrayAgent"="c:\program files\Guillemot\HDJTray\HDJSeries2TrayBar.exe" [2013-05-10 3572048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SearchProtection - c:\users\James\AppData\Roaming\Search Protection\SearchProtection.EXE
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe
SafeBoot-rpcnet
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Search Protection - c:\users\James\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-01-22  19:01:12
ComboFix-quarantined-files.txt  2014-01-22 19:01
.
Pre-Run: 620,130,820,096 bytes free
Post-Run: 619,956,518,912 bytes free
.
- - End Of File - - 3021C567DDC145E083FC138F22F9B1F5
Link to post
Share on other sites

  • Root Admin

Please uninstall ALL versions of Java form your Control Panel, Add/Remove

 

Then run the following

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 
 
Then restart the computer
Next, Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt


STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.