Jump to content

Recommended Posts

Hi lorcanf

,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

    I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    The fixes are specific to your problem and should only be used for the issues on this machine.
    Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    It's often worth reading through these instructions and printing them for ease of reference.
    If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    Please reply to this thread. Do not start a new topic.
    Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

 

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

 

 

Then

 

Please download Junkware Removal Tool by clicking here and save it to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Double click JRT.exe to run the tool.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

And finally:

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments,  attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt and Attach.txt reports in your next reply

 

Link to post
Share on other sites

Hi Tom1

I've copied the results of the scan below 

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.08.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Galway Shop :: GALWAYSHOP-PC [administrator]

 

Protection: Enabled

 

09/01/2014 12:36:17

mbam-log-2014-01-09 (12-36-17).txt

 

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 409147

Time elapsed: 49 minute(s), 36 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
Link to post
Share on other sites

Adw cleaner report

 

# AdwCleaner v3.016 - Report created 10/01/2014 at 12:53:19
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Galway Shop - GALWAYSHOP-PC
# Running from : C:\Users\Galway Shop\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SaveAs
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\ssaVeensehyare
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SaveAs
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Users\Galway Shop\AppData\Local\Conduit
Folder Deleted : C:\Users\Galway Shop\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Galway Shop\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Galway Shop\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Galway Shop\AppData\LocalLow\SaveAs
Folder Deleted : C:\Users\Galway Shop\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Galway Shop\AppData\Roaming\EZDownloader
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94178892-8C32-4B7C-8C2F-2E32FD42FAD7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C72A2EFD-B266-4BF3-94B7-9E239A6DAE1C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Galway Shop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [7385 octets] - [10/01/2014 12:52:44]
AdwCleaner[s0].txt - [6379 octets] - [10/01/2014 12:53:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6439 octets] ##########
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x64

Ran by Galway Shop on 10/01/2014 at 13:00:10.30

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471368945-2566149098-2719202178-1001\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"

Successfully deleted: [Folder] "C:\Users\Galway Shop\appdata\local\cre"

Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"

Successfully deleted: [Empty Folder] C:\Users\Galway Shop\appdata\local\{4BB729C6-4356-4E4E-A4DA-375D0949E8E2}

Successfully deleted: [Empty Folder] C:\Users\Galway Shop\appdata\local\{A7A4A14F-6F05-4CFB-B5F1-4A65AFA51465}

Successfully deleted: [Empty Folder] C:\Users\Galway Shop\appdata\local\{C94A7278-549A-4FD2-8AE1-497BDB40EC80}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10/01/2014 at 13:09:07.16

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

DDS report

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.40.2
Run by Galway Shop at 13:10:31 on 2014-01-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.353.1033.18.6049.3504 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Advanced SystemCare Ultimate *Enabled/Outdated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe
C:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe
C:\Program Files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbeng11.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\DELL\Stage Remote\StageRemote.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DELL\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\FedEx\GSMW\BIN\AdminService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [Google Update] "C:\Users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [stickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{89C65559-FA17-4A8F-8590-0A973CB8DC7D} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{906C31CC-B838-4F07-9BE4-CE4747D2E5DD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{906C31CC-B838-4F07-9BE4-CE4747D2E5DD}\F423F583735463 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~3\webtect\webtect.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
x64-BHO: RoboSaver: {36C46D25-499C-0CB9-9507-1612AE3D0B35} - 
x64-BHO: Fun2Saavve: {A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [bTMTrayAgent] rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [seagull Drivers] ssdal_nc.exe startup
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-26 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-26 55856]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2013-10-18 1051088]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-26 98208]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2013-10-18 623936]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-9-26 98304]
R2 dldt_device;dldt_device;C:\Windows\System32\dldtcoms.exe -service --> C:\Windows\System32\dldtcoms.exe -service [?]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]
R2 FedExAdminService;FedEx Administration Service;C:\Program Files (x86)\FedEx\GSMW\BIN\AdminService.exe [2011-10-7 24576]
R2 FedExLoggingService;FedEx Logging Service;C:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe [2011-10-7 7168]
R2 FedExShipnetDBService;FedEx Shipnet Database Service;C:\Program Files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe [2011-10-7 141176]
R2 FSMS Server Service;FSMS Server Service;C:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe [2011-10-10 13312]
R2 MatLocalLicenceServer50;Materialise Local License Server 5.0;C:\Program Files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe [2010-3-16 36864]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-17 701512]
R2 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2013-4-26 68192]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2011-9-26 176128]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-6-15 144672]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-26 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-26 2656280]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2011-9-26 1800576]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-26 176096]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-17 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-26 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 25e4f9bf;WebTect;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/26 11:03:40;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MatLocalLicenceServer52;Materialise Local License Server 5.2;C:\Program Files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe [2010-3-16 475136]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-3-8 46592]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-26 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-10 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2011-9-26 311400]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-2 1255736]
S4 IObitUnlocker;IObitUnlocker;C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-10-25 36920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-10 13:00:08 -------- d-----w- C:\Windows\ERUNT
2014-01-10 12:52:40 -------- d-----w- C:\AdwCleaner
2014-01-10 11:35:53 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE98D288-4E5E-4854-8905-AFBF0AA69522}\mpengine.dll
2014-01-09 15:49:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-09 15:49:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-09 15:49:55 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-01-09 15:49:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-01-09 15:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-01-09 10:22:50 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-02 11:53:22 1059574 ----a-w- C:\ProgramData\SPL6891.tmp
2013-12-31 12:30:47 1059574 ----a-w- C:\ProgramData\SPL1D90.tmp
2013-12-30 10:21:06 -------- d-----w- C:\ProgramData\jpiokohghapeebfbepkjopjjnbobjpom
2013-12-30 10:21:06 -------- d-----w- C:\ProgramData\Fun2Saavve
2013-12-30 10:20:57 -------- d-----w- C:\ProgramData\RoboSaver
2013-12-30 10:20:57 -------- d-----w- C:\ProgramData\899e2a65e4660192
2013-12-29 13:13:31 -------- d-----w- C:\ProgramData\WebTect
2013-12-28 09:49:13 -------- d-----w- C:\Windows\SysWow64\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0
.
==================== Find3M  ====================
.
2013-12-11 16:32:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 16:32:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-10 13:18:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-11-10 13:18:57 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-25 13:16:28 885520 ----a-w- C:\Windows\System32\Netwcw00.dll
2013-10-25 13:16:28 3381008 ----a-w- C:\Windows\System32\Netwrw00.dll
2013-10-25 13:16:28 11525872 ----a-w- C:\Windows\System32\drivers\Netwsw00.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-15 11:49:26 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-15 11:49:26 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-15 11:49:26 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 13:11:11.01 ===============
Link to post
Share on other sites

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as vuze, uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

You have two anti-virus programs running.  Microsoft Security Essentials and Advanced System Care.  That is a bad idea.  Running two anti-virus programs can cause conflict between them and result in a variety of problems.  You need to uninstall one of them.  Personally I wouldn't allow anything by IObit on my system (and it is out of date anyway) so I would definitely uninstall Advanced system care, but it is your system and your choice.

 

Next

 

Once you have uninstalled the Vuze, the extra Anti-virus program, and any dodgy programs that you might have downloaded with your bittorrent client... then proceed as follows:

 

Download ComboFix from here:  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

    2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.

    3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

    4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Link to post
Share on other sites

Thanks for all your help, I have deleted all the software mentioned.

 

ComboFix 14-01-08.03 - Galway Shop 11/01/2014  11:52:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.353.1033.18.6049.3684 [GMT 0:00]
Running from: c:\users\Galway Shop\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
c:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\Roaming
c:\programdata\SPL1D90.tmp
c:\programdata\SPL6891.tmp
c:\users\Galway Shop\GoToAssistDownloadHelper.exe
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dll
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1\dbdata.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-11 to 2014-01-11  )))))))))))))))))))))))))))))))
.
.
2014-01-11 12:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC157358-216D-42A9-A308-6DAA064B522B}\mpengine.dll
2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\ProductData
2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-10 13:00 . 2014-01-10 13:00 -------- d-----w- c:\windows\ERUNT
2014-01-10 12:52 . 2014-01-10 12:53 -------- d-----w- C:\AdwCleaner
2014-01-10 11:35 . 2013-12-04 03:28 10315576 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-09 15:49 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-09 15:49 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-09 15:49 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-09 15:49 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-09 15:49 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-09 15:42 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-30 10:21 . 2014-01-06 15:21 -------- d-----w- c:\programdata\Fun2Saavve
2013-12-30 10:21 . 2013-12-30 10:21 -------- d-----w- c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom
2013-12-30 10:20 . 2014-01-06 15:21 -------- d-----w- c:\programdata\RoboSaver
2013-12-30 10:20 . 2013-12-30 10:21 -------- d-----w- c:\programdata\899e2a65e4660192
2013-12-29 13:13 . 2013-12-29 13:13 -------- d-----w- c:\programdata\WebTect
2013-12-28 09:49 . 2014-01-08 13:44 -------- d-----w- c:\windows\SysWow64\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 15:46 . 2012-02-09 10:37 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:32 . 2013-02-25 12:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:32 . 2011-09-26 15:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E52994EF-6B0B-4FDC-84F7-7AD0A9D1EFA3}\gapaengine.dll
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-10 13:20 . 2013-11-10 13:20 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-11-10 13:20 . 2013-11-10 13:20 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-11-10 13:20 . 2013-11-10 13:20 5773824 ----a-w- c:\windows\system32\mstscax.dll
2013-11-10 13:20 . 2013-11-10 13:20 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-11-10 13:20 . 2013-11-10 13:20 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-11-10 13:20 . 2013-11-10 13:20 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2013-11-10 13:20 . 2013-11-10 13:20 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-11-10 13:20 . 2013-11-10 13:20 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-10 13:20 . 2013-11-10 13:20 384000 ----a-w- c:\windows\system32\wksprt.exe
2013-11-10 13:20 . 2013-11-10 13:20 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-11-10 13:20 . 2013-11-10 13:20 322560 ----a-w- c:\windows\system32\aaclient.dll
2013-11-10 13:20 . 2013-11-10 13:20 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2013-11-10 13:20 . 2013-11-10 13:20 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2013-11-10 13:20 . 2013-11-10 13:20 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-11-10 13:20 . 2013-11-10 13:20 243200 ----a-w- c:\windows\system32\rdpudd.dll
2013-11-10 13:20 . 2013-11-10 13:20 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-11-10 13:20 . 2013-11-10 13:20 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-11-10 13:20 . 2013-11-10 13:20 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2013-11-10 13:20 . 2013-11-10 13:20 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2013-11-10 13:20 . 2013-11-10 13:20 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2013-11-10 13:20 . 2013-11-10 13:20 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-10 13:20 . 2013-11-10 13:20 1123840 ----a-w- c:\windows\system32\mstsc.exe
2013-11-10 13:20 . 2013-11-10 13:20 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2013-11-10 13:18 . 2013-11-10 13:18 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-11-10 13:18 . 2013-11-10 13:18 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-10-25 13:16 . 2013-10-25 13:16 885520 ----a-w- c:\windows\system32\Netwcw00.dll
2013-10-25 13:16 . 2013-10-25 13:16 3381008 ----a-w- c:\windows\system32\Netwrw00.dll
2013-10-25 13:16 . 2013-10-25 13:16 11525872 ----a-w- c:\windows\system32\drivers\Netwsw00.sys
2013-10-15 11:49 . 2013-10-15 11:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-15 11:49 . 2012-09-17 12:44 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-10-15 11:49 . 2011-09-26 15:49 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-10-14 07:12 . 2013-11-10 13:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B61EE1E1-DB20-4404-AE1F-990C47189F4A}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 25e4f9bf;WebTect;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/26 11:03;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe;c:\windows\SYSNATIVE\dldtcoms.exe [x]
R2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
R2 FedExAdminService;FedEx Administration Service;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe [x]
R2 FedExLoggingService;FedEx Logging Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe [x]
R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe  -hvFedExShipnetDBService;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe  -hvFedExShipnetDBService [x]
R2 FSMS Server Service;FSMS Server Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MatLocalLicenceServer50;Materialise Local License Server 5.0;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe [x]
R2 MatLocalLicenceServer52;Materialise Local License Server 5.2;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 16:32]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001Core1ce7959ef670907.job
- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001UA.job
- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
BHO-{36C46D25-499C-0CB9-9507-1612AE3D0B35} - c:\programdata\RoboSaver\mASyR.x64.dll
BHO-{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A} - c:\programdata\Fun2Saavve\K_EG1f.x64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
   be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
   0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f,
   be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2
"{DA5BCE70-D057-4D63-943D-5F3927EC59F1}"=hex:51,66,7a,6c,4c,1d,38,12,1e,cd,48,
   de,65,9e,0d,08,eb,2b,1c,79,22,b2,1d,e5
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{36C46D25-499C-0CB9-9507-1612AE3D0B35}"=hex:51,66,7a,6c,4c,1d,38,12,4b,6e,d7,
   32,ae,07,d7,49,ea,11,55,52,ab,63,4f,21
"{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A}"=hex:51,66,7a,6c,4c,1d,38,12,a9,56,dc,
   ad,dc,e8,98,46,14,ce,6f,fb,48,0c,92,9e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fb,9e,58,7b,ff,0a,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-11  12:42:11 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-11 12:42
.
Pre-Run: 801,425,018,880 bytes free
Post-Run: 800,964,014,080 bytes free
.
- - End Of File - - 6FF1F9DCC76135993254C9910D6A768D
Link to post
Share on other sites

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::Folder::c:\programdata\Fun2Saavvec:\programdata\jpiokohghapeebfbepkjopjjnbobjpomc:\programdata\RoboSaverc:\programdata\899e2a65e4660192
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 

Link to post
Share on other sites

My PC is already running a lot better and the Fun2Saavve extension is gone :D thanks again for all your help!!!!!

I've pasted the combofix log below

_________________________________________________________________________________________

ComboFix 14-01-13.01 - Galway Shop 13/01/2014   9:56.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.353.1033.18.6049.4146 [GMT 0:00]
Running from: c:\users\Galway Shop\Desktop\ComboFix.exe
Command switches used :: c:\users\Galway Shop\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\899e2a65e4660192
c:\programdata\899e2a65e4660192\22c3997ee7059bcb69aa9aeb01f9c98c.ini
c:\programdata\899e2a65e4660192\91edd5c0e4a2c4a469aa9aeb01f9c98c.ini
c:\programdata\Fun2Saavve
c:\programdata\Fun2Saavve\K_EG1f.dat
c:\programdata\Fun2Saavve\K_EG1f.tlb
c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom
c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\background.html
c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\CBVm660p.js
c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\content.js
c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\lsdb.js
c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\manifest.json
c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
c:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\RoboSaver
c:\programdata\RoboSaver\mASyR.dat
c:\programdata\RoboSaver\mASyR.tlb
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dll
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1\dbdata.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-13 10:01 . 2014-01-13 10:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-13 10:01 . 2014-01-13 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 09:39 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41D009B2-A3E1-4EA0-AB5A-797A06CD72BF}\mpengine.dll
2014-01-11 12:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\ProductData
2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-10 13:00 . 2014-01-10 13:00 -------- d-----w- c:\windows\ERUNT
2014-01-10 12:52 . 2014-01-10 12:53 -------- d-----w- C:\AdwCleaner
2014-01-09 15:49 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-09 15:49 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-09 15:49 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-09 15:49 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-09 15:49 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-09 15:42 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-29 13:13 . 2013-12-29 13:13 -------- d-----w- c:\programdata\WebTect
2013-12-28 09:49 . 2014-01-08 13:44 -------- d-----w- c:\windows\SysWow64\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 15:46 . 2012-02-09 10:37 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:32 . 2013-02-25 12:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:32 . 2011-09-26 15:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E52994EF-6B0B-4FDC-84F7-7AD0A9D1EFA3}\gapaengine.dll
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-10 13:20 . 2013-11-10 13:20 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-11-10 13:20 . 2013-11-10 13:20 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-11-10 13:20 . 2013-11-10 13:20 5773824 ----a-w- c:\windows\system32\mstscax.dll
2013-11-10 13:20 . 2013-11-10 13:20 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-11-10 13:20 . 2013-11-10 13:20 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-11-10 13:20 . 2013-11-10 13:20 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2013-11-10 13:20 . 2013-11-10 13:20 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-11-10 13:20 . 2013-11-10 13:20 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-11-10 13:20 . 2013-11-10 13:20 384000 ----a-w- c:\windows\system32\wksprt.exe
2013-11-10 13:20 . 2013-11-10 13:20 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-11-10 13:20 . 2013-11-10 13:20 322560 ----a-w- c:\windows\system32\aaclient.dll
2013-11-10 13:20 . 2013-11-10 13:20 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2013-11-10 13:20 . 2013-11-10 13:20 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2013-11-10 13:20 . 2013-11-10 13:20 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-11-10 13:20 . 2013-11-10 13:20 243200 ----a-w- c:\windows\system32\rdpudd.dll
2013-11-10 13:20 . 2013-11-10 13:20 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-11-10 13:20 . 2013-11-10 13:20 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-11-10 13:20 . 2013-11-10 13:20 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2013-11-10 13:20 . 2013-11-10 13:20 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2013-11-10 13:20 . 2013-11-10 13:20 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2013-11-10 13:20 . 2013-11-10 13:20 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-10 13:20 . 2013-11-10 13:20 1123840 ----a-w- c:\windows\system32\mstsc.exe
2013-11-10 13:20 . 2013-11-10 13:20 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2013-11-10 13:18 . 2013-11-10 13:18 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-11-10 13:18 . 2013-11-10 13:18 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-10-25 13:16 . 2013-10-25 13:16 885520 ----a-w- c:\windows\system32\Netwcw00.dll
2013-10-25 13:16 . 2013-10-25 13:16 3381008 ----a-w- c:\windows\system32\Netwrw00.dll
2013-10-25 13:16 . 2013-10-25 13:16 11525872 ----a-w- c:\windows\system32\drivers\Netwsw00.sys
2013-10-15 11:49 . 2013-10-15 11:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-15 11:49 . 2012-09-17 12:44 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-10-15 11:49 . 2011-09-26 15:49 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"FAStartup"="" [bU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/26 11:03;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MatLocalLicenceServer52;Materialise Local License Server 5.2;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 25e4f9bf;WebTect;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe;c:\windows\SYSNATIVE\dldtcoms.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 FedExAdminService;FedEx Administration Service;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe [x]
S2 FedExLoggingService;FedEx Logging Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe [x]
S2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe  -hvFedExShipnetDBService;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe  -hvFedExShipnetDBService [x]
S2 FSMS Server Service;FSMS Server Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MatLocalLicenceServer50;Materialise Local License Server 5.0;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 16:32]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001Core1ce7959ef670907.job
- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001UA.job
- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [bU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C46D25-499C-0CB9-9507-1612AE3D0B35}]
c:\programdata\RoboSaver\mASyR.x64.dll [bU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A}]
c:\programdata\Fun2Saavve\K_EG1f.x64.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
   be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
   0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f,
   be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2
"{DA5BCE70-D057-4D63-943D-5F3927EC59F1}"=hex:51,66,7a,6c,4c,1d,38,12,1e,cd,48,
   de,65,9e,0d,08,eb,2b,1c,79,22,b2,1d,e5
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{36C46D25-499C-0CB9-9507-1612AE3D0B35}"=hex:51,66,7a,6c,4c,1d,38,12,4b,6e,d7,
   32,ae,07,d7,49,ea,11,55,52,ab,63,4f,21
"{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A}"=hex:51,66,7a,6c,4c,1d,38,12,a9,56,dc,
   ad,dc,e8,98,46,14,ce,6f,fb,48,0c,92,9e
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fb,9e,58,7b,ff,0a,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe
c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbeng11.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2014-01-13  10:22:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-13 10:22
ComboFix2.txt  2014-01-11 12:42
.
Pre-Run: 802,001,158,144 bytes free
Post-Run: 801,533,255,680 bytes free
.
- - End Of File - - B412EFB97D7E8949F2C896459E71035F
Link to post
Share on other sites

That's looking good.

 

Let's get an online scan (be prepared.  This scan will take hours):

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.