lorcanf Posted January 8, 2014 ID:775451 Share Posted January 8, 2014 Hi AllA chrome extension called Fun2Saavve has hijaced my computer and reinstalls itself everytime I open a new browser window.Any help fixing this would be appreciated. Link to post Share on other sites More sharing options...
Tomk1 Posted January 8, 2014 ID:775458 Share Posted January 8, 2014 Hi lorcanf,Welcome to Malwarebytes ForumMy name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one. AdwCleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well. Then Please download Junkware Removal Tool by clicking here and save it to your desktop.Shutdown your antivirus to avoid any conflicts.Double click JRT.exe to run the tool.The tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. And finally: Please download DDS by sUBs from one of the following links and save it to your desktop.DDS.scrDDS.pifDisable any script blocking protection (How to Disable your Security Programs)Double click DDS icon to run the tool (may take up to 3 minutes to run)When done, DDS.txt will open.After a few moments, attach.txt will open in a second window.Save both reports to your desktop.---------------------------------------------------Post the contents of the DDS.txt and Attach.txt reports in your next reply Link to post Share on other sites More sharing options...
lorcanf Posted January 9, 2014 Author ID:775777 Share Posted January 9, 2014 Hi Tom1I've copied the results of the scan below Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2014.01.08.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16736Galway Shop :: GALWAYSHOP-PC [administrator] Protection: Enabled 09/01/2014 12:36:17mbam-log-2014-01-09 (12-36-17).txt Scan type: Full scan (C:\|Q:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 409147Time elapsed: 49 minute(s), 36 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Tomk1 Posted January 9, 2014 ID:775810 Share Posted January 9, 2014 Ok... now how about the logs from the tools that I asked you to run? Link to post Share on other sites More sharing options...
lorcanf Posted January 10, 2014 Author ID:776111 Share Posted January 10, 2014 Adw cleaner report # AdwCleaner v3.016 - Report created 10/01/2014 at 12:53:19# Updated 23/12/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Galway Shop - GALWAYSHOP-PC# Running from : C:\Users\Galway Shop\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\SaveAsFolder Deleted : C:\ProgramData\StarAppFolder Deleted : C:\ProgramData\SweetIMFolder Deleted : C:\ProgramData\ssaVeensehyareFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\SaveAsFolder Deleted : C:\Program Files (x86)\SweetIMFolder Deleted : C:\Program Files (x86)\Vuze_RemoteFolder Deleted : C:\Program Files (x86)\WebSearchFolder Deleted : C:\Program Files (x86)\VuzeFolder Deleted : C:\Users\Galway Shop\AppData\Local\ConduitFolder Deleted : C:\Users\Galway Shop\AppData\Local\SwvUpdaterFolder Deleted : C:\Users\Galway Shop\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Galway Shop\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Galway Shop\AppData\LocalLow\SaveAsFolder Deleted : C:\Users\Galway Shop\AppData\LocalLow\Vuze_RemoteFolder Deleted : C:\Users\Galway Shop\AppData\Roaming\EZDownloaderFile Deleted : C:\END ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekknKey Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkkKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkkKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94178892-8C32-4B7C-8C2F-2E32FD42FAD7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C72A2EFD-B266-4BF3-94B7-9E239A6DAE1C}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\FLEXnetKey Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\Vuze_RemoteKey Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\SP GlobalKey Deleted : HKLM\Software\SProtectorKey Deleted : HKLM\Software\Vuze_RemoteKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote ToolbarKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23FKey Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16750 -\\ Google Chrome v [ File : C:\Users\Galway Shop\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage ************************* AdwCleaner[R0].txt - [7385 octets] - [10/01/2014 12:52:44]AdwCleaner[s0].txt - [6379 octets] - [10/01/2014 12:53:19] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6439 octets] ########## Link to post Share on other sites More sharing options...
lorcanf Posted January 10, 2014 Author ID:776120 Share Posted January 10, 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Windows 7 Home Premium x64Ran by Galway Shop on 10/01/2014 at 13:00:10.30~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyonSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471368945-2566149098-2719202178-1001\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"Successfully deleted: [Folder] "C:\Users\Galway Shop\appdata\local\cre"Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"Successfully deleted: [Empty Folder] C:\Users\Galway Shop\appdata\local\{4BB729C6-4356-4E4E-A4DA-375D0949E8E2}Successfully deleted: [Empty Folder] C:\Users\Galway Shop\appdata\local\{A7A4A14F-6F05-4CFB-B5F1-4A65AFA51465}Successfully deleted: [Empty Folder] C:\Users\Galway Shop\appdata\local\{C94A7278-549A-4FD2-8AE1-497BDB40EC80} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 10/01/2014 at 13:09:07.16End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
lorcanf Posted January 10, 2014 Author ID:776121 Share Posted January 10, 2014 DDS reportDDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.40.2Run by Galway Shop at 13:10:31 on 2014-01-10Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.6049.3504 [GMT 0:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}AV: Advanced SystemCare Ultimate *Enabled/Outdated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exeC:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exec:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exec:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Windows\system32\svchost.exe -k bthsvcsc:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exeC:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exeC:\Windows\system32\dldtcoms.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exeC:\Windows\system32\taskhost.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\Program Files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exeC:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exeC:\Program Files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbeng11.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Program Files (x86)\DELL\Stage Remote\StageRemote.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\DELL\Stage Remote\StageRemoteService.exeC:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exeC:\Program Files (x86)\Cyberlink\Shared files\brs.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exeC:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exeC:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\FedEx\GSMW\BIN\AdminService.exeC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEc:\Program Files (x86)\Intel\Bluetooth\mediasrv.exec:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\wuauclt.exeC:\Windows\explorer.exeC:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\SysWOW64\notepad.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Galway Shop\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\taskeng.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,uRun: [Google Update] "C:\Users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStartmRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exemRun: [stickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exemRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [FAStartup] <no file>mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htmIE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.1.254TCP: Interfaces\{89C65559-FA17-4A8F-8590-0A973CB8DC7D} : DHCPNameServer = 192.168.1.1 192.168.1.1TCP: Interfaces\{906C31CC-B838-4F07-9BE4-CE4747D2E5DD} : DHCPNameServer = 192.168.1.254TCP: Interfaces\{906C31CC-B838-4F07-9BE4-CE4747D2E5DD}\F423F583735463 : DHCPNameServer = 192.168.1.1 192.168.1.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllNotify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dllAppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~3\webtect\webtect.dllSSODL: WebCheck - <orphaned>LSA: Notification Packages = scecli FAPassSyncx64-BHO: RoboSaver: {36C46D25-499C-0CB9-9507-1612AE3D0B35} - x64-BHO: Fun2Saavve: {A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Trayx64-Run: [bTMTrayAgent] rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppx64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quietx64-Run: [seagull Drivers] ssdal_nc.exe startupx64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startupx64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-26 25960]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-26 55856]R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2013-10-18 1051088]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-26 98208]R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2013-10-18 623936]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-9-26 98304]R2 dldt_device;dldt_device;C:\Windows\System32\dldtcoms.exe -service --> C:\Windows\System32\dldtcoms.exe -service [?]R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]R2 FedExAdminService;FedEx Administration Service;C:\Program Files (x86)\FedEx\GSMW\BIN\AdminService.exe [2011-10-7 24576]R2 FedExLoggingService;FedEx Logging Service;C:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe [2011-10-7 7168]R2 FedExShipnetDBService;FedEx Shipnet Database Service;C:\Program Files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe [2011-10-7 141176]R2 FSMS Server Service;FSMS Server Service;C:\Program Files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe [2011-10-10 13312]R2 MatLocalLicenceServer50;Materialise Local License Server 5.0;C:\Program Files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe [2010-3-16 36864]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-17 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-17 701512]R2 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2013-4-26 68192]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2011-9-26 176128]R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-6-15 144672]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-26 1692480]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-26 2656280]R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2011-9-26 1800576]R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-26 176096]R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-17 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-26 412776]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]S2 25e4f9bf;WebTect;C:\Windows\System32\rundll32.exe [2009-7-13 45568]S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/26 11:03:40;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 MatLocalLicenceServer52;Materialise Local License Server 5.2;C:\Program Files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe [2010-3-16 475136]S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-3-8 46592]S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-26 158976]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-10 19456]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2011-9-26 311400]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-10 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-10 30208]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-2 1255736]S4 IObitUnlocker;IObitUnlocker;C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-10-25 36920]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-01-10 13:00:08 -------- d-----w- C:\Windows\ERUNT2014-01-10 12:52:40 -------- d-----w- C:\AdwCleaner2014-01-10 11:35:53 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE98D288-4E5E-4854-8905-AFBF0AA69522}\mpengine.dll2014-01-09 15:49:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe2014-01-09 15:49:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe2014-01-09 15:49:55 12625920 ----a-w- C:\Windows\System32\wmploc.DLL2014-01-09 15:49:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL2014-01-09 15:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2014-01-09 10:22:50 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-01-02 11:53:22 1059574 ----a-w- C:\ProgramData\SPL6891.tmp2013-12-31 12:30:47 1059574 ----a-w- C:\ProgramData\SPL1D90.tmp2013-12-30 10:21:06 -------- d-----w- C:\ProgramData\jpiokohghapeebfbepkjopjjnbobjpom2013-12-30 10:21:06 -------- d-----w- C:\ProgramData\Fun2Saavve2013-12-30 10:20:57 -------- d-----w- C:\ProgramData\RoboSaver2013-12-30 10:20:57 -------- d-----w- C:\ProgramData\899e2a65e46601922013-12-29 13:13:31 -------- d-----w- C:\ProgramData\WebTect2013-12-28 09:49:13 -------- d-----w- C:\Windows\SysWow64\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0.==================== Find3M ====================.2013-12-11 16:32:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-11 16:32:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll2013-11-10 13:18:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll2013-11-10 13:18:57 366592 ----a-w- C:\Windows\System32\qdvd.dll2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-10-25 13:16:28 885520 ----a-w- C:\Windows\System32\Netwcw00.dll2013-10-25 13:16:28 3381008 ----a-w- C:\Windows\System32\Netwrw00.dll2013-10-25 13:16:28 11525872 ----a-w- C:\Windows\System32\drivers\Netwsw00.sys2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-10-15 11:49:26 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-10-15 11:49:26 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-10-15 11:49:26 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll.============= FINISH: 13:11:11.01 =============== Link to post Share on other sites More sharing options...
Tomk1 Posted January 10, 2014 ID:776163 Share Posted January 10, 2014 P2P/Piracy Warning: If you're using Peer 2 Peer software such as vuze, uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. You have two anti-virus programs running. Microsoft Security Essentials and Advanced System Care. That is a bad idea. Running two anti-virus programs can cause conflict between them and result in a variety of problems. You need to uninstall one of them. Personally I wouldn't allow anything by IObit on my system (and it is out of date anyway) so I would definitely uninstall Advanced system care, but it is your system and your choice. Next Once you have uninstalled the Vuze, the extra Anti-virus program, and any dodgy programs that you might have downloaded with your bittorrent client... then proceed as follows: Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe * IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.htmlDouble click on ComboFix.exe & follow the prompts.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. 3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Link to post Share on other sites More sharing options...
lorcanf Posted January 11, 2014 Author ID:776681 Share Posted January 11, 2014 Thanks for all your help, I have deleted all the software mentioned. ComboFix 14-01-08.03 - Galway Shop 11/01/2014 11:52:35.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.6049.3684 [GMT 0:00]Running from: c:\users\Galway Shop\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dllc:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dllc:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dllc:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dllc:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dllc:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dllc:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dllc:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dllc:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dllc:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dllc:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dllc:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dllc:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dllc:\programdata\Roamingc:\programdata\SPL1D90.tmpc:\programdata\SPL6891.tmpc:\users\Galway Shop\GoToAssistDownloadHelper.exec:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dllc:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1\dbdata.dll..((((((((((((((((((((((((( Files Created from 2013-12-11 to 2014-01-11 )))))))))))))))))))))))))))))))..2014-01-11 12:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC157358-216D-42A9-A308-6DAA064B522B}\mpengine.dll2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\ProductData2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}2014-01-10 13:00 . 2014-01-10 13:00 -------- d-----w- c:\windows\ERUNT2014-01-10 12:52 . 2014-01-10 12:53 -------- d-----w- C:\AdwCleaner2014-01-10 11:35 . 2013-12-04 03:28 10315576 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-01-09 15:49 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL2014-01-09 15:49 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2014-01-09 15:49 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe2014-01-09 15:49 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL2014-01-09 15:49 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll2014-01-09 15:42 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll2013-12-30 10:21 . 2014-01-06 15:21 -------- d-----w- c:\programdata\Fun2Saavve2013-12-30 10:21 . 2013-12-30 10:21 -------- d-----w- c:\programdata\jpiokohghapeebfbepkjopjjnbobjpom2013-12-30 10:20 . 2014-01-06 15:21 -------- d-----w- c:\programdata\RoboSaver2013-12-30 10:20 . 2013-12-30 10:21 -------- d-----w- c:\programdata\899e2a65e46601922013-12-29 13:13 . 2013-12-29 13:13 -------- d-----w- c:\programdata\WebTect2013-12-28 09:49 . 2014-01-08 13:44 -------- d-----w- c:\windows\SysWow64\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-09 15:46 . 2012-02-09 10:37 90708896 ----a-w- c:\windows\system32\MRT.exe2013-12-11 16:32 . 2013-02-25 12:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-11 16:32 . 2011-09-26 15:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E52994EF-6B0B-4FDC-84F7-7AD0A9D1EFA3}\gapaengine.dll2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-10 13:20 . 2013-11-10 13:20 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe2013-11-10 13:20 . 2013-11-10 13:20 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys2013-11-10 13:20 . 2013-11-10 13:20 5773824 ----a-w- c:\windows\system32\mstscax.dll2013-11-10 13:20 . 2013-11-10 13:20 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll2013-11-10 13:20 . 2013-11-10 13:20 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll2013-11-10 13:20 . 2013-11-10 13:20 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll2013-11-10 13:20 . 2013-11-10 13:20 44032 ----a-w- c:\windows\system32\tsgqec.dll2013-11-10 13:20 . 2013-11-10 13:20 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll2013-11-10 13:20 . 2013-11-10 13:20 384000 ----a-w- c:\windows\system32\wksprt.exe2013-11-10 13:20 . 2013-11-10 13:20 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll2013-11-10 13:20 . 2013-11-10 13:20 322560 ----a-w- c:\windows\system32\aaclient.dll2013-11-10 13:20 . 2013-11-10 13:20 3174912 ----a-w- c:\windows\system32\rdpcorets.dll2013-11-10 13:20 . 2013-11-10 13:20 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys2013-11-10 13:20 . 2013-11-10 13:20 269312 ----a-w- c:\windows\SysWow64\aaclient.dll2013-11-10 13:20 . 2013-11-10 13:20 243200 ----a-w- c:\windows\system32\rdpudd.dll2013-11-10 13:20 . 2013-11-10 13:20 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll2013-11-10 13:20 . 2013-11-10 13:20 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys2013-11-10 13:20 . 2013-11-10 13:20 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll2013-11-10 13:20 . 2013-11-10 13:20 18432 ----a-w- c:\windows\system32\wksprtPS.dll2013-11-10 13:20 . 2013-11-10 13:20 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll2013-11-10 13:20 . 2013-11-10 13:20 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe2013-11-10 13:20 . 2013-11-10 13:20 1123840 ----a-w- c:\windows\system32\mstsc.exe2013-11-10 13:20 . 2013-11-10 13:20 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe2013-11-10 13:18 . 2013-11-10 13:18 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2013-11-10 13:18 . 2013-11-10 13:18 366592 ----a-w- c:\windows\system32\qdvd.dll2013-10-25 13:16 . 2013-10-25 13:16 885520 ----a-w- c:\windows\system32\Netwcw00.dll2013-10-25 13:16 . 2013-10-25 13:16 3381008 ----a-w- c:\windows\system32\Netwrw00.dll2013-10-25 13:16 . 2013-10-25 13:16 11525872 ----a-w- c:\windows\system32\drivers\Netwsw00.sys2013-10-15 11:49 . 2013-10-15 11:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-10-15 11:49 . 2012-09-17 12:44 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-10-15 11:49 . 2011-09-26 15:49 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-10-14 07:12 . 2013-11-10 13:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B61EE1E1-DB20-4404-AE1F-990C47189F4A}\mpengine.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer2"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli FAPassSync.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched.R2 25e4f9bf;WebTect;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/26 11:03;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe;c:\windows\SYSNATIVE\dldtcoms.exe [x]R2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]R2 FedExAdminService;FedEx Administration Service;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe [x]R2 FedExLoggingService;FedEx Logging Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe [x]R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe -hvFedExShipnetDBService;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe -hvFedExShipnetDBService [x]R2 FSMS Server Service;FSMS Server Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe [x]R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]R2 MatLocalLicenceServer50;Materialise Local License Server 5.0;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe [x]R2 MatLocalLicenceServer52;Materialise Local License Server 5.2;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]R2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]..Contents of the 'Scheduled Tasks' folder.2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 16:32].2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001Core1ce7959ef670907.job- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08].2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001UA.job- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Seagull Drivers"="ssdal_nc.exe startup" [X]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htmIE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.htmlTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-FAStartup - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startBHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dllBHO-{36C46D25-499C-0CB9-9507-1612AE3D0B35} - c:\programdata\RoboSaver\mASyR.x64.dllBHO-{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A} - c:\programdata\Fun2Saavve\K_EG1f.x64.dll...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07, be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99, 35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99, 0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f, be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2"{DA5BCE70-D057-4D63-943D-5F3927EC59F1}"=hex:51,66,7a,6c,4c,1d,38,12,1e,cd,48, de,65,9e,0d,08,eb,2b,1c,79,22,b2,1d,e5"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{36C46D25-499C-0CB9-9507-1612AE3D0B35}"=hex:51,66,7a,6c,4c,1d,38,12,4b,6e,d7, 32,ae,07,d7,49,ea,11,55,52,ab,63,4f,21"{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A}"=hex:51,66,7a,6c,4c,1d,38,12,a9,56,dc, ad,dc,e8,98,46,14,ce,6f,fb,48,0c,92,9e.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:fb,9e,58,7b,ff,0a,cf,01.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-01-11 12:42:11 - machine was rebootedComboFix-quarantined-files.txt 2014-01-11 12:42.Pre-Run: 801,425,018,880 bytes freePost-Run: 800,964,014,080 bytes free.- - End Of File - - 6FF1F9DCC76135993254C9910D6A768D Link to post Share on other sites More sharing options...
Tomk1 Posted January 11, 2014 ID:776729 Share Posted January 11, 2014 COMBOFIX-Script Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:File::Folder::c:\programdata\Fun2Saavvec:\programdata\jpiokohghapeebfbepkjopjjnbobjpomc:\programdata\RoboSaverc:\programdata\899e2a65e4660192Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. Link to post Share on other sites More sharing options...
lorcanf Posted January 13, 2014 Author ID:777324 Share Posted January 13, 2014 My PC is already running a lot better and the Fun2Saavve extension is gone thanks again for all your help!!!!!I've pasted the combofix log below_________________________________________________________________________________________ComboFix 14-01-13.01 - Galway Shop 13/01/2014 9:56.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.6049.4146 [GMT 0:00]Running from: c:\users\Galway Shop\Desktop\ComboFix.exeCommand switches used :: c:\users\Galway Shop\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\899e2a65e4660192c:\programdata\899e2a65e4660192\22c3997ee7059bcb69aa9aeb01f9c98c.inic:\programdata\899e2a65e4660192\91edd5c0e4a2c4a469aa9aeb01f9c98c.inic:\programdata\Fun2Saavvec:\programdata\Fun2Saavve\K_EG1f.datc:\programdata\Fun2Saavve\K_EG1f.tlbc:\programdata\jpiokohghapeebfbepkjopjjnbobjpomc:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\background.htmlc:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\CBVm660p.jsc:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\content.jsc:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\lsdb.jsc:\programdata\jpiokohghapeebfbepkjopjjnbobjpom\manifest.jsonc:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dllc:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dllc:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dllc:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dllc:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dllc:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dllc:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dllc:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dllc:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dllc:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dllc:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dllc:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dllc:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dllc:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dllc:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dllc:\programdata\RoboSaverc:\programdata\RoboSaver\mASyR.datc:\programdata\RoboSaver\mASyR.tlbc:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dllc:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1\dbdata.dll..((((((((((((((((((((((((( Files Created from 2013-12-13 to 2014-01-13 )))))))))))))))))))))))))))))))..2014-01-13 10:01 . 2014-01-13 10:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2014-01-13 10:01 . 2014-01-13 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-13 09:39 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41D009B2-A3E1-4EA0-AB5A-797A06CD72BF}\mpengine.dll2014-01-11 12:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\ProductData2014-01-11 10:57 . 2014-01-11 10:57 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}2014-01-10 13:00 . 2014-01-10 13:00 -------- d-----w- c:\windows\ERUNT2014-01-10 12:52 . 2014-01-10 12:53 -------- d-----w- C:\AdwCleaner2014-01-09 15:49 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL2014-01-09 15:49 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2014-01-09 15:49 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe2014-01-09 15:49 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL2014-01-09 15:49 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll2014-01-09 15:42 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll2013-12-29 13:13 . 2013-12-29 13:13 -------- d-----w- c:\programdata\WebTect2013-12-28 09:49 . 2014-01-08 13:44 -------- d-----w- c:\windows\SysWow64\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-09 15:46 . 2012-02-09 10:37 90708896 ----a-w- c:\windows\system32\MRT.exe2013-12-11 16:32 . 2013-02-25 12:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-11 16:32 . 2011-09-26 15:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-11-21 17:36 . 2013-12-06 10:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E52994EF-6B0B-4FDC-84F7-7AD0A9D1EFA3}\gapaengine.dll2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-10 13:20 . 2013-11-10 13:20 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe2013-11-10 13:20 . 2013-11-10 13:20 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys2013-11-10 13:20 . 2013-11-10 13:20 5773824 ----a-w- c:\windows\system32\mstscax.dll2013-11-10 13:20 . 2013-11-10 13:20 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll2013-11-10 13:20 . 2013-11-10 13:20 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll2013-11-10 13:20 . 2013-11-10 13:20 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll2013-11-10 13:20 . 2013-11-10 13:20 44032 ----a-w- c:\windows\system32\tsgqec.dll2013-11-10 13:20 . 2013-11-10 13:20 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll2013-11-10 13:20 . 2013-11-10 13:20 384000 ----a-w- c:\windows\system32\wksprt.exe2013-11-10 13:20 . 2013-11-10 13:20 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll2013-11-10 13:20 . 2013-11-10 13:20 322560 ----a-w- c:\windows\system32\aaclient.dll2013-11-10 13:20 . 2013-11-10 13:20 3174912 ----a-w- c:\windows\system32\rdpcorets.dll2013-11-10 13:20 . 2013-11-10 13:20 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys2013-11-10 13:20 . 2013-11-10 13:20 269312 ----a-w- c:\windows\SysWow64\aaclient.dll2013-11-10 13:20 . 2013-11-10 13:20 243200 ----a-w- c:\windows\system32\rdpudd.dll2013-11-10 13:20 . 2013-11-10 13:20 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll2013-11-10 13:20 . 2013-11-10 13:20 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys2013-11-10 13:20 . 2013-11-10 13:20 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll2013-11-10 13:20 . 2013-11-10 13:20 18432 ----a-w- c:\windows\system32\wksprtPS.dll2013-11-10 13:20 . 2013-11-10 13:20 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll2013-11-10 13:20 . 2013-11-10 13:20 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2013-11-10 13:20 . 2013-11-10 13:20 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe2013-11-10 13:20 . 2013-11-10 13:20 1123840 ----a-w- c:\windows\system32\mstsc.exe2013-11-10 13:20 . 2013-11-10 13:20 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe2013-11-10 13:18 . 2013-11-10 13:18 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2013-11-10 13:18 . 2013-11-10 13:18 366592 ----a-w- c:\windows\system32\qdvd.dll2013-10-25 13:16 . 2013-10-25 13:16 885520 ----a-w- c:\windows\system32\Netwcw00.dll2013-10-25 13:16 . 2013-10-25 13:16 3381008 ----a-w- c:\windows\system32\Netwrw00.dll2013-10-25 13:16 . 2013-10-25 13:16 11525872 ----a-w- c:\windows\system32\drivers\Netwsw00.sys2013-10-15 11:49 . 2013-10-15 11:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-10-15 11:49 . 2012-09-17 12:44 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-10-15 11:49 . 2011-09-26 15:49 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"FAStartup"="" [bU].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer2"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli FAPassSync.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched.R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/26 11:03;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MatLocalLicenceServer52;Materialise Local License Server 5.2;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv52.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S2 25e4f9bf;WebTect;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe;c:\windows\SYSNATIVE\dldtcoms.exe [x]S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]S2 FedExAdminService;FedEx Administration Service;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe;c:\program files (x86)\FedEx\GSMW\BIN\AdminService.exe [x]S2 FedExLoggingService;FedEx Logging Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Common.LoggingService.exe [x]S2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe -hvFedExShipnetDBService;c:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exe -hvFedExShipnetDBService [x]S2 FSMS Server Service;FSMS Server Service;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe;c:\program files (x86)\FedEx\GSMW\BIN\FedEx.Gsm.Wpro.ApplicationEngine.Service.exe [x]S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]S2 MatLocalLicenceServer50;Materialise Local License Server 5.0;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe;c:\program files (x86)\Common Files\Materialise\LicenseFiles\LicSrv50.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - CLKMDRV10_9EC60124.Contents of the 'Scheduled Tasks' folder.2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 16:32].2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001Core1ce7959ef670907.job- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08].2014-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471368945-2566149098-2719202178-1001UA.job- c:\users\Galway Shop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 17:08]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [bU].[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C46D25-499C-0CB9-9507-1612AE3D0B35}]c:\programdata\RoboSaver\mASyR.x64.dll [bU].[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A}]c:\programdata\Fun2Saavve\K_EG1f.x64.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Seagull Drivers"="ssdal_nc.exe startup" [X]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htmIE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.htmlTCP: DhcpNameServer = 192.168.1.254..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07, be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99, 35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99, 0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f, be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2"{DA5BCE70-D057-4D63-943D-5F3927EC59F1}"=hex:51,66,7a,6c,4c,1d,38,12,1e,cd,48, de,65,9e,0d,08,eb,2b,1c,79,22,b2,1d,e5"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{36C46D25-499C-0CB9-9507-1612AE3D0B35}"=hex:51,66,7a,6c,4c,1d,38,12,4b,6e,d7, 32,ae,07,d7,49,ea,11,55,52,ab,63,4f,21"{A9CF55C7-A6EE-03F6-6BD8-2CBB4D52D68A}"=hex:51,66,7a,6c,4c,1d,38,12,a9,56,dc, ad,dc,e8,98,46,14,ce,6f,fb,48,0c,92,9e.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:fb,9e,58,7b,ff,0a,cf,01.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\SysWOW64\rundll32.exec:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbsrv11.exec:\program files (x86)\FedEx\GSMW\SQLAnywhere\Bin32\dbeng11.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe.**************************************************************************.Completion time: 2014-01-13 10:22:04 - machine was rebootedComboFix-quarantined-files.txt 2014-01-13 10:22ComboFix2.txt 2014-01-11 12:42.Pre-Run: 802,001,158,144 bytes freePost-Run: 801,533,255,680 bytes free.- - End Of File - - B412EFB97D7E8949F2C896459E71035F Link to post Share on other sites More sharing options...
Tomk1 Posted January 13, 2014 ID:777443 Share Posted January 13, 2014 That's looking good. Let's get an online scan (be prepared. This scan will take hours): ESET Online Scanner:Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu. Please go here then click on: Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyNow click on: The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.When completed the Online Scan will begin automatically.Do not touch either the Mouse or keyboard during the scan otherwise it may stall.When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!Now click on: Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 17, 2014 Root Admin ID:779037 Share Posted January 17, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts