
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2

Run by Petra at 11:34:25 on 2014-01-02

.

============== Running Processes ================

.

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PskSvc.exe

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\TPSrvWow.exe

C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2013\WebProxy.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Users\Petra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\ApVxdWin.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PsCtrls.exe

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PavFnSvr.exe

C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\pavsrvx86.exe

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\AVENGINE.EXE

c:\program files (x86)\panda security\panda global protection 2013\firewall\PSHOST.EXE

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PsImSvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\SRVLOAD.EXE

.

============== Pseudo HJT Report ===============

.


mURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

uRun: [spotify Web Helper] "C:\Users\Petra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

uRun: [DellSystemDetect] C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\APVXDWIN.EXE" /s

mRun: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\Inicio.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.





TCP: NameServer = 192.168.1.254

TCP: Interfaces\{2D2A4630-065D-43D1-BDA3-21769F96B3EE} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5D53A21F-8654-43A6-9377-8A5FA10FB3BB} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll




x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: avldr - avldr64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\42r4q646.default\

FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll

FF - plugin: C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\NPASCSafariPluginProtect.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-12-21 17:29; ascsurfingprotection@iobit.com; C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\42r4q646.default\extensions\ascsurfingprotection@iobit.com

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: content.notify.ontimer - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.switch.threshold - 750000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R? AdvancedSystemCareService7;Advanced SystemCare Service 7

R? BBUpdate;BBUpdate

R? BrSerIb;Brother MFC Serial Interface Driver(WDM)

R? BrUsbSIb;Brother MFC Serial USB Driver(WDM)

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? FlyUsb;FLY Fusion

R? HTCAND64;HTC Device Driver

R? HTCMonitorService;HTCMonitorService

R? HtcVCom32;HTC Diagnostic Port

R? IEEtwCollectorService;Internet Explorer ETW Collector Service

R? LeapFrog-USBLAN;LeapFrog-USBLAN

R? LiveUpdateSvc;LiveUpdate

R? McComponentHostService;McAfee Security Scan Component Host Service

R? ose64;Office 64 Source Engine

R? PSKMAD;PSKMAD

R? RdpVideoMiniport;Remote Desktop Video Miniport Driver

R? RoxMediaDB12OEM;RoxMediaDB12OEM

R? RoxWatch12;Roxio Hard Drive Watcher 12

R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader

R? SWDUMon;SWDUMon

R? TsUsbFlt;TsUsbFlt

R? TsUsbGD;Remote Desktop Generic USB Device

R? USBAAPL64;Apple Mobile USB Driver

R? WatAdminSvc;Windows Activation Technologies Service

R? wlcrasvc;Windows Live Mesh remote connections service

R? WSDScan;WSD Scan Support via UMB

S? AESTFilters;Andrea ST Filters Service

S? AmFSM;AmFSM

S? APPFLT;App Filter Plugin

S? BBSvc;BingBar Service

S? BingDesktopUpdate;Bing Desktop Update service

S? ComFiltr;Panda Anti-Dialer

S? CtClsFlt;Creative Camera Class Upper Filter Driver

S? DSAFLT;DSA Filter Plugin

S? FNETMON;NetMon Filter Plugin

S? HECIx64;Intel® Management Engine Interface

S? IAStorDataMgrSvc;Intel® Rapid Storage Technology

S? IDSFLT;Ids Filter Plugin

S? Impcd;Impcd

S? IntcDAud;Intel® Display Audio

S? McciCMService64;McciCMService64

S? NAUpdate;Nero Update

S? NETFLTDI;Panda Net Driver [TDI Layer]

S? NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44

S? NOBU;Dell DataSafe Online

S? Panda Software Controller;Panda Software Controller

S? pavboot;Panda boot driver

S? PAVFNSVR;Panda Function Service

S? PavPrSrv;Panda Process Protection Service

S? PAVSRV;Panda On-Access Anti-Malware Service

S? PavTPK.sys;PavTPK.sys

S? Prot6Flt;Prot6Flt

S? PskSvcRetail;Panda PSK service

S? PxHlpa64;PxHlpa64

S? RTL8167;Realtek 8167 NT Driver

S? SftService;SoftThinks Agent Service

S? ShldFlt;Panda File Shield Driver

S? SmbDrvI;SmbDrvI

S? UNS;Intel® Management & Security Application User Notification Service

S? WNMFLT;Wifi Monitor Filter Plugin

S? ZAtheros Wlan Agent;ZAtheros Wlan Agent

.

=============== File Associations ===============

.

FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe  "%1" %*

FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe  "%1" %*

FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*

FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*

FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe  "%1" %*

ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"

.

=============== Created Last 30 ================

.

2014-01-02 10:09:51 -------- d-----w- C:\Users\Petra\AppData\Roaming\VSRevoGroup

2014-01-01 21:12:30 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2F90A3C-2703-4FA2-AA60-9B416FEFF3F1}\offreg.dll

2013-12-31 16:53:59 2808832 ----a-w- C:\windows\System32\drivers\athrx.sys

2013-12-31 16:53:59 2808832 ----a-w- C:\windows\System32\athrx.sys

2013-12-31 16:53:59 -------- d-----w- C:\windows\Options

2013-12-31 16:53:57 60416 ------w- C:\windows\System32\athihvui.dll

2013-12-31 16:53:57 439296 ------w- C:\windows\System32\athihvs.dll

2013-12-31 16:53:57 -------- d-----w- C:\windows\System32\nn-NO

2013-12-31 16:53:36 -------- d-----w- C:\Program Files (x86)\Cisco

2013-12-31 16:32:13 -------- d-----w- C:\Users\Petra\AppData\Local\Deployment

2013-12-31 16:32:13 -------- d-----w- C:\Users\Petra\AppData\Local\Apps

2013-12-31 10:40:15 671744 ----a-w- C:\windows\System32\stapi64.dll

2013-12-31 10:40:15 541184 ----a-w- C:\windows\System32\drivers\stwrt64.sys

2013-12-31 10:40:15 499200 ----a-w- C:\windows\System32\stcplx64.dll

2013-12-31 10:40:15 255488 ----a-w- C:\windows\System32\st646421.dll

2013-12-31 10:40:15 2188288 ----a-w- C:\windows\System32\stapo64.dll

2013-12-31 10:40:13 -------- d-----w- C:\Program Files\IDT

2013-12-31 10:05:46 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys

2013-12-31 10:05:41 -------- d-----w- C:\Users\Petra\AppData\Local\SlimWare Utilities Inc

2013-12-31 10:03:01 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2F90A3C-2703-4FA2-AA60-9B416FEFF3F1}\mpengine.dll

2013-12-30 22:25:27 -------- d-----w- C:\Intel

2013-12-30 22:24:01 510960 ----a-w- C:\windows\System32\igfxsrvc.exe

2013-12-30 22:24:01 418800 ----a-w- C:\windows\System32\igfxpers.exe

2013-12-30 22:24:01 394224 ----a-w- C:\windows\System32\hkcmd.exe

2013-12-30 22:24:01 241136 ----a-w- C:\windows\System32\igfxext.exe

2013-12-30 22:24:01 168944 ----a-w- C:\windows\System32\igfxtray.exe

2013-12-30 22:24:00 4380144 ----a-w- C:\windows\System32\GfxUI.exe

2013-12-30 22:24:00 185840 ----a-w- C:\windows\System32\difx64.exe

2013-12-30 22:22:59 390144 ----a-w- C:\windows\System32\igfxdev.dll

2013-12-30 22:15:00 -------- d-----w- C:\ProgramData\BlueStacksSetup

2013-12-30 22:14:45 -------- d-----w- C:\ProgramData\BlueStacks

2013-12-29 21:04:53 -------- d-----w- C:\ProgramData\Qualcomm Atheros

2013-12-22 20:19:32 -------- d-----w- C:\Users\Petra\AppData\Roaming\Guitar Pro 6

2013-12-22 20:19:32 -------- d-----w- C:\ProgramData\Guitar Pro 6

2013-12-22 20:09:12 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6

2013-12-22 15:55:17 -------- d--h--w- C:\_acestream_cache_

2013-12-22 15:55:06 -------- d-----w- C:\Users\Petra\AppData\Roaming\Hobbyist Software

2013-12-22 15:54:12 -------- d-----w- C:\Users\Petra\AppData\Roaming\.ACEStream

2013-12-21 12:02:44 -------- d-----w- C:\Casino

2013-12-12 12:09:05 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-12 12:09:05 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 12:09:04 12625920 ----a-w- C:\windows\System32\wmploc.DLL

2013-12-12 12:09:03 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL

2013-12-12 09:35:15 335360 ----a-w- C:\windows\System32\msieftp.dll

2013-12-08 15:19:19 27456 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe

2013-12-08 10:27:11 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}

2013-12-08 10:27:10 -------- d-----w- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}

2013-12-04 15:38:25 -------- d-----w- C:\Users\Petra\AppData\Roaming\PhrozenSoft

2013-12-03 23:53:52 -------- d-----w- C:\Users\Petra\AppData\Local\Opera Software

2013-12-03 23:53:50 -------- d-----w- C:\Users\Petra\AppData\Roaming\Opera Software

2013-12-03 15:18:53 -------- d-----w- C:\ProgramData\ProductData

2013-12-03 15:16:36 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

2013-12-03 15:05:54 883928 ----a-w- C:\windows\System32\drivers\Rt64win7.sys

2013-12-03 15:05:54 74456 ----a-w- C:\windows\System32\RtNicProp64.dll

2013-12-03 15:04:53 -------- d-----w- C:\Program Files\Synaptics

2013-12-03 15:04:09 468208 ----a-w- C:\windows\System32\drivers\SynTP.sys

2013-12-03 15:04:09 229616 ----a-w- C:\windows\System32\SynTPAPI.dll

2013-12-03 15:04:09 180464 ----a-w- C:\windows\System32\SynTPCo16.dll

2013-12-03 15:04:09 114416 ----a-w- C:\windows\SysWow64\SynTPCOM.dll

2013-12-03 15:04:08 1048576 ----a-w- C:\windows\System32\syndata.bin

2013-12-03 15:04:07 532208 ----a-w- C:\windows\SysWow64\SynCOM.dll

2013-12-03 15:04:07 1035504 ----a-w- C:\windows\System32\SynCOM.dll

2013-12-03 15:04:05 32496 ----a-w- C:\windows\System32\drivers\Smb_driver_Intel.sys

2013-12-03 15:01:22 -------- d-----w- C:\Users\Petra\AppData\Roaming\IObit

2013-12-03 15:01:20 -------- d-----w- C:\ProgramData\IObit

2013-12-03 15:01:02 -------- d-----w- C:\Program Files (x86)\IObit

.

==================== Find3M  ====================

.

2013-12-11 18:31:14 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 18:31:14 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-12-03 15:05:54 108760 ----a-w- C:\windows\System32\RTNUninst64.dll

2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll

2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll

2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll

2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll

2013-11-19 21:56:59 942592 ----a-w- C:\windows\System32\jsIntl.dll

2013-11-19 03:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe

2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll

2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys

2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll

2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2013-10-12 02:32:04 150016 ----a-w- C:\windows\System32\wshom.ocx

2013-10-12 02:31:04 202752 ----a-w- C:\windows\System32\scrrun.dll

2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL

2013-10-12 02:04:36 121856 ----a-w- C:\windows\SysWow64\wshom.ocx

2013-10-12 02:03:31 163840 ----a-w- C:\windows\SysWow64\scrrun.dll

2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL

2013-10-12 01:33:39 156160 ----a-w- C:\windows\System32\cscript.exe

2013-10-12 01:33:26 168960 ----a-w- C:\windows\System32\wscript.exe

2013-10-12 01:15:48 141824 ----a-w- C:\windows\SysWow64\wscript.exe

2013-10-12 01:15:48 126976 ----a-w- C:\windows\SysWow64\cscript.exe

2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll

.

============= FINISH: 11:35:59.15 ===============

 

ATTACH.TXT


.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8) MUI

Advanced Audio FX Engine

Advanced SystemCare 7

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AudibleManager

Bing Bar

Bing Desktop

Bing Rewards Client Installer

Blio

Bonjour

CCleaner

ConvertXtoDVD 4.1.19.365

D3DX10

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Defraggler

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Stage Remote

Dell System Detect

Dell Touchpad

Dell VideoStage 

Dell Webcam Central

Dell Wireless Driver Installation

Dell WLAN and Bluetooth Client Installation

DirectX 9 Runtime

Driver Booster

DVDFab 8.0.5.0 (18/11/2010)

Google Chrome

Google Update Helper

High-Definition Video Playback

HTC Driver Installer

HTC Sync Manager

iCloud

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

IObit Uninstaller

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 27 (64-bit)

Java 6 Update 37

Junk Mail filter update

LeapFrog Connect

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft Application Error Reporting

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Word MUI (English) 2013

Mozilla Firefox 25.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Dell

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Opera Stable 18.0.1284.68

Outils de vérification linguistique 2013 de Microsoft Office - Français

Panda Cloud Cleaner

Panda Global Protection 2013

Password Depot 6 - Panda Secure Vault Edition

PhotoShowExpress

PlayReady PC Runtime x86

Plusnet Assist

Quickset64

QuickTime

RBVirtualFolder64Inst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Revo Uninstaller 1.95

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Salter MiBody

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition

Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition

Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition

Shared C Run-time for x64

Sonic CinePlayer Decoder Pack

Spotify

Surfing Protection

Synaptics Pointing Device Driver

SyncUP

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition

Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition

Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition

Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition

Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition

Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition

Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition

Update for Microsoft Word 2013 (KB2850060) 64-Bit Edition

Virtual DJ Pro Full - Atomix Productions

Visual Studio 2010 x64 Redistributables

VLC media player 1.1.11

Vuze

Vuze Remote Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.0

Zinio Reader 4

.

==== End Of File ===========================

 

Any help would be appreciated


 


Hello bumpyjo and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following programs:

Vuze

Vuze Remote Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.9 (01.01.2014:1)

OS: Windows 7 Home Premium x64

Ran by Petra on 03/01/2014 at 14:03:17.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho.1.0

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{928A1C42-FED9-413B-9CB2-2DD64E75A2E6}

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\local\tempdir"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\codec-c"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\Petra\appdata\locallow\vuze_remote"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{8175D436-BB08-4200-A268-DF35A163E245}

Successfully deleted: [Empty Folder] C:\Users\Petra\appdata\local\{F9B43F8E-8B24-41D6-8207-83D653190E10}

~~~ FireFox

Successfully deleted: [File] C:\user.js

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\Petra\AppData\Roaming\mozilla\firefox\profiles\42r4q646.default\user.js

Emptied folder: C:\Users\Petra\AppData\Roaming\mozilla\firefox\profiles\42r4q646.default\minidumps [6 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 03/01/2014 at 14:15:41.03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.016 - Report created 03/01/2014 at 14:32:33

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Petra - PETRA-PC

# Running from : C:\Users\Petra\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Key Deleted : HKCU\Software\Microsoft\Babylon

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKLM\Software\Vuze_Remote

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\42r4q646.default\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2383 octets] - [03/01/2014 14:22:06]

AdwCleaner[R1].txt - [2443 octets] - [03/01/2014 14:31:10]

AdwCleaner[s0].txt - [2230 octets] - [03/01/2014 14:32:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2290 octets] ##########

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 14-01-04.03 - Petra 06/01/2014  17:16:06.2.4 - x64

Running from: c:\users\Petra\Downloads\ComboFix.exe

.

  (((((((((((((((((((((((((   Files Created from 2013-12-06 to 2014-01-06  )))))))))))))))))))))))))))))))

.

.

2014-01-05 20:45 . 2014-01-05 20:45 22370928 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\xul.dll

2014-01-03 18:15 . 2014-01-03 18:15 0 ----a-w- c:\program files (x86)\GUT198A.tmp

2014-01-03 18:15 . 2014-01-03 18:15 -------- d-----w- c:\program files (x86)\GUM1989.tmp

2014-01-03 14:21 . 2014-01-03 14:33 -------- d-----w- C:\AdwCleaner

2014-01-03 14:04 . 2014-01-06 17:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F65F2043-58FC-4319-A4A0-A1083AD47756}\offreg.dll

2014-01-03 14:03 . 2014-01-03 14:03 -------- d-----w- c:\windows\ERUNT

2014-01-03 13:57 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F65F2043-58FC-4319-A4A0-A1083AD47756}\mpengine.dll

2014-01-02 10:09 . 2014-01-02 10:09 -------- d-----w- c:\users\Petra\AppData\Roaming\VSRevoGroup

2013-12-31 16:53 . 2013-12-31 16:53 -------- d-----w- c:\windows\Options

2013-12-31 16:53 . 2012-03-21 21:43 2808832 ----a-w- c:\windows\system32\drivers\athrx.sys

2013-12-31 16:53 . 2012-03-21 21:43 2808832 ----a-w- c:\windows\system32\athrx.sys

2013-12-31 16:53 . 2014-01-01 19:18 -------- d-----w- c:\windows\system32\nn-NO

2013-12-31 16:53 . 2012-03-08 17:37 60416 ------w- c:\windows\system32\athihvui.dll

2013-12-31 16:53 . 2012-03-08 17:37 439296 ------w- c:\windows\system32\athihvs.dll

2013-12-31 16:53 . 2014-01-02 10:07 -------- d-----w- c:\program files (x86)\Cisco

2013-12-31 16:32 . 2014-01-06 17:11 -------- d-----w- c:\users\Petra\AppData\Local\Deployment

2013-12-31 16:32 . 2013-12-31 16:32 -------- d-----w- c:\users\Petra\AppData\Local\Apps

2013-12-31 10:40 . 2000-01-01 00:00 671744 ----a-w- c:\windows\system32\stapi64.dll

2013-12-31 10:40 . 2000-01-01 00:00 541184 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2013-12-31 10:40 . 2000-01-01 00:00 499200 ----a-w- c:\windows\system32\stcplx64.dll

2013-12-31 10:40 . 2000-01-01 00:00 255488 ----a-w- c:\windows\system32\st646421.dll

2013-12-31 10:40 . 2000-01-01 00:00 2188288 ----a-w- c:\windows\system32\stapo64.dll

2013-12-31 10:40 . 2014-01-01 19:18 -------- d-----w- c:\program files\IDT

2013-12-31 10:05 . 2013-12-31 16:48 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-12-31 10:05 . 2013-12-31 10:05 -------- d-----w- c:\users\Petra\AppData\Local\SlimWare Utilities Inc

2013-12-30 22:25 . 2013-12-30 22:25 -------- d-----w- C:\Intel

2013-12-30 22:24 . 2013-02-22 15:14 168944 ----a-w- c:\windows\system32\igfxtray.exe

2013-12-30 22:24 . 2013-02-22 15:14 510960 ----a-w- c:\windows\system32\igfxsrvc.exe

2013-12-30 22:24 . 2013-02-22 15:14 418800 ----a-w- c:\windows\system32\igfxpers.exe

2013-12-30 22:24 . 2013-02-22 15:14 394224 ----a-w- c:\windows\system32\hkcmd.exe

2013-12-30 22:24 . 2013-02-22 15:14 241136 ----a-w- c:\windows\system32\igfxext.exe

2013-12-30 22:24 . 2013-02-22 15:14 4380144 ----a-w- c:\windows\system32\GfxUI.exe

2013-12-30 22:24 . 2013-02-22 15:14 185840 ----a-w- c:\windows\system32\difx64.exe

2013-12-30 22:22 . 2013-02-19 13:44 390144 ----a-w- c:\windows\system32\igfxdev.dll

2013-12-30 22:14 . 2013-12-31 16:14 -------- d-----w- c:\programdata\BlueStacks

2013-12-29 21:04 . 2013-12-29 21:04 -------- d-----w- c:\programdata\Qualcomm Atheros

2013-12-22 20:19 . 2013-12-31 16:15 -------- d-----w- c:\users\Petra\AppData\Roaming\Guitar Pro 6

2013-12-22 20:19 . 2013-12-22 20:19 -------- d-----w- c:\programdata\Guitar Pro 6

2013-12-22 20:09 . 2013-12-31 16:16 -------- d-----w- c:\program files (x86)\Guitar Pro 6

2013-12-22 15:55 . 2013-12-22 18:11 -------- d-----w- C:\_acestream_cache_

2013-12-22 15:55 . 2013-12-22 15:55 -------- d-----w- c:\users\Petra\AppData\Roaming\Hobbyist Software

2013-12-22 15:54 . 2013-12-31 16:09 -------- d-----w- c:\users\Petra\AppData\Roaming\.ACEStream

2013-12-12 12:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-12 12:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 12:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-12 12:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-12 12:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-12 09:35 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-08 15:19 . 2013-06-27 18:05 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2013-12-08 10:27 . 2013-12-08 10:27 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}

2013-12-08 10:27 . 2013-12-08 10:27 -------- d-----w- c:\programdata\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-15 23:40 . 2011-11-08 23:24 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-11 18:31 . 2012-04-01 13:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-11 18:31 . 2011-10-17 18:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-03 15:05 . 2013-12-03 15:05 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-12-03 15:05 . 2013-12-03 15:05 74456 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-12-03 15:05 . 2011-10-07 03:45 108760 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-12-03 15:04 . 2013-12-03 15:04 468208 ----a-w- c:\windows\system32\drivers\SynTP.sys

2013-12-03 15:04 . 2013-12-03 15:04 229616 ----a-w- c:\windows\system32\SynTPAPI.dll

2013-12-03 15:04 . 2013-12-03 15:04 180464 ----a-w- c:\windows\system32\SynTPCo16.dll

2013-12-03 15:04 . 2013-12-03 15:04 114416 ----a-w- c:\windows\SysWow64\SynTPCOM.dll

2013-12-03 15:04 . 2013-12-03 15:04 1048576 ----a-w- c:\windows\system32\syndata.bin

2013-12-03 15:04 . 2013-12-03 15:04 532208 ----a-w- c:\windows\SysWow64\SynCOM.dll

2013-12-03 15:04 . 2013-12-03 15:04 1035504 ----a-w- c:\windows\system32\SynCOM.dll

2013-12-03 15:04 . 2013-12-03 15:04 32496 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys

2013-11-26 12:25 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-19 21:57 . 2013-11-19 21:57 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-19 21:57 . 2013-11-19 21:57 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-19 21:57 . 2013-11-19 21:57 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-19 21:57 . 2013-11-19 21:57 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-19 21:57 . 2013-11-19 21:57 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-19 21:57 . 2013-11-19 21:57 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-19 21:57 . 2013-11-19 21:57 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-19 21:57 . 2013-11-19 21:57 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-19 21:57 . 2013-11-19 21:57 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-19 21:57 . 2013-11-19 21:57 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-19 21:57 . 2013-11-19 21:57 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-19 21:57 . 2013-11-19 21:57 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-19 21:57 . 2013-11-19 21:57 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-19 21:57 . 2013-11-19 21:57 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-19 21:57 . 2013-11-19 21:57 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-19 21:57 . 2013-11-19 21:57 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-19 21:57 . 2013-11-19 21:57 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-19 21:57 . 2013-11-19 21:57 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-19 21:57 . 2013-11-19 21:57 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-19 21:57 . 2013-11-19 21:57 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-19 21:57 . 2013-11-19 21:56 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-19 21:56 . 2013-11-19 21:56 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-19 21:56 . 2013-11-19 21:56 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-19 21:56 . 2013-11-19 21:56 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-19 21:56 . 2013-11-19 21:56 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-19 21:56 . 2013-11-19 21:56 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-19 21:56 . 2013-11-19 21:56 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-19 21:56 . 2013-11-19 21:56 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-19 21:56 . 2013-11-19 21:56 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-19 21:56 . 2013-11-19 21:56 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-19 21:56 . 2013-11-19 21:56 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-19 21:56 . 2013-11-19 21:56 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-19 21:56 . 2013-11-19 21:56 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-19 21:56 . 2013-11-19 21:56 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-19 21:56 . 2013-11-19 21:56 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-19 21:56 . 2013-11-19 21:56 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-19 21:56 . 2013-11-19 21:56 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-19 21:56 . 2013-11-19 21:56 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-19 21:56 . 2013-11-19 21:56 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-19 21:56 . 2013-11-19 21:56 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-19 21:56 . 2013-11-19 21:56 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-19 21:56 . 2013-11-19 21:56 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-19 21:56 . 2013-11-19 21:56 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-19 21:56 . 2013-11-19 21:56 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-19 21:56 . 2013-11-19 21:56 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-19 21:56 . 2013-11-19 21:56 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-19 21:56 . 2013-11-19 21:56 413696 ----a-w- c:\windows\system32\html.iec

2013-11-19 21:56 . 2013-11-19 21:56 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-19 21:56 . 2013-11-19 21:56 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-19 21:56 . 2013-11-19 21:56 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-19 21:56 . 2013-11-19 21:56 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-19 21:56 . 2013-11-19 21:56 235520 ----a-w- c:\windows\system32\url.dll

2013-11-19 21:56 . 2013-11-19 21:56 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-19 21:56 . 2013-11-19 21:56 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-19 21:56 . 2013-11-19 21:56 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-19 21:56 . 2013-11-19 21:56 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-19 21:56 . 2013-11-19 21:56 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-19 21:56 . 2013-11-19 21:56 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-19 21:56 . 2013-11-19 21:56 101376 ----a-w- c:\windows\system32\inseng.dll

2013-10-14 18:00 . 2013-11-19 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-10-12 02:30 . 2013-11-14 17:21 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-14 17:21 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-14 17:21 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-14 17:21 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-14 17:21 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-14 08:10 222832 ----a-w- c:\users\Petra\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-14 08:10 222832 ----a-w- c:\users\Petra\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-14 08:10 222832 ----a-w- c:\users\Petra\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-11-02 12:35 1727176 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-11-02 12:35 1727176 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-11-02 12:35 1727176 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Petra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-03 1168896]

"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-11-11 2283808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]

"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Global Protection 2013\APVXDWIN.EXE" [2012-12-12 1038192]

"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Global Protection 2013\Inicio.exe" [2012-11-08 70432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]

R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

R4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]

R4 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]

R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys;c:\windows\SYSNATIVE\Drivers\pavboot64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys;c:\windows\SYSNATIVE\DRIVERS\ShldFlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys;c:\windows\SYSNATIVE\DRIVERS\amm6460.sys [x]

S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS;c:\windows\SYSNATIVE\Drivers\APPFLT64.SYS [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys;c:\windows\SYSNATIVE\DRIVERS\COMFiltr.sys [x]

S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS;c:\windows\SYSNATIVE\Drivers\DSAFLT64.SYS [x]

S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS;c:\windows\SYSNATIVE\Drivers\fnetm64.SYS [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS;c:\windows\SYSNATIVE\Drivers\IDSFLT64.SYS [x]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS;c:\windows\SYSNATIVE\Drivers\NETTDI64.SYS [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Global Protection 2013\PskSvc.exe;c:\program files (x86)\Panda Security\Panda Global Protection 2013\PskSvc.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS;c:\windows\SYSNATIVE\Drivers\WNMFLT64.SYS [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys;c:\windows\SYSNATIVE\DRIVERS\n64i1644.sys [x]

S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys;c:\windows\SYSNATIVE\PavTPK.sys [x]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]

S3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-06 05:37 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:31]

.

2013-12-01 c:\windows\Tasks\Basic clean-up.job

- c:\program files (x86)\Panda Security\Panda Global Protection 2013\PlaTasks.exe [2013-09-02 09:36]

.

2014-01-06 c:\windows\Tasks\Driver Booster Update.job

- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-12-29 11:01]

.

2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 22:10]

.

2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 22:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

2013-12-21 17:29 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-14 08:10 261744 ----a-w- c:\users\Petra\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-14 08:10 261744 ----a-w- c:\users\Petra\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-14 08:10 261744 ----a-w- c:\users\Petra\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-11-02 12:30 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-11-02 12:30 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-11-02 12:30 2331336 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 1425408]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105

Trusted Zone: adobe.com

Trusted Zone: course-source.net

Trusted Zone: dell.com

Trusted Zone: epautotest.com

Trusted Zone: learndirect-business.com

Trusted Zone: learndirect.co.uk

Trusted Zone: mindleaders.com

Trusted Zone: thirdforce.com

TCP: DhcpNameServer = 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\42r4q646.default\

FF - ExtSQL: 2013-12-21 17:29; ascsurfingprotection@iobit.com; c:\users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\42r4q646.default\extensions\ascsurfingprotection@iobit.com

.

.

------- File Associations -------

.

JSEFile=c:\progra~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEVSystemStart]

"ImagePath"="\"c:\combofix\pev.3XE\" EXEC /i \"c:\combofix\REGT.3XE\" /S \"c:\combofix\CregB.dat\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\01\0a\10\1a\14G"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]


.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

"0"="Microsoft Actions Pane 3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Panda Security\Panda Global Protection 2013\TPSrvWow.exe

c:\program files (x86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2013\WebProxy.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Panda Security\Panda Global Protection 2013\PsCtrls.exe

c:\program files (x86)\Panda Security\Panda Global Protection 2013\PavFnSvr.exe

c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

c:\program files (x86)\Panda Security\Panda Global Protection 2013\pavsrvx86.exe

c:\program files (x86)\panda security\panda global protection 2013\firewall\PSHOST.EXE

c:\program files (x86)\Panda Security\Panda Global Protection 2013\PsImSvc.exe

c:\program files (x86)\Panda Security\Panda Global Protection 2013\AVENGINE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2014-01-06  17:48:36 - machine was rebooted

ComboFix-quarantined-files.txt  2014-01-06 17:48

.

Pre-Run: 151,104,040,960 bytes free

Post-Run: 150,578,655,232 bytes free

.

- - End Of File - - 76CEE731C8C1332373B4E9BE4A7A75E4

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

ESET Scan

 

C:\$RECYCLE.BIN\S-1-5-21-2731487014-1007817713-1982925505-1001\$RQBF5U4\Patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\16W1WMHFIEP.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\19QDICSDWQQ.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\BOJKV67M9Z5.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\EEX31G1ZP3N.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\F2LKNQTE1DP.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\FAJXREPM2TY.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\GQD7VC4DOJD.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\J4N419QC3AH.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\JH6M0ZR16OI.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\N2JO18KS4ES.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\NU8FJN0RCK9.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\TXJSGXPGGFW.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\WBUE4DNOKSX.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files\KMSpico\WE00Z7XFW7L.exe a variant of Win32/HackTool.KMSAuto.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined

C:\Users\Petra\Documents\Vuze Downloads\Windows 7 Loader + Activator v2.0.6 Reloaded - DAZ [Team Rjaa].rar Win32/HackTool.WinActivator.I application deleted - quarantined

C:\Windows\Installer\9591da.msi multiple threats deleted - quarantined