
Skype virus with hijackthis log


  • This topic is locked
5 replies to this topic

#1 jjssj1

  • Members

Posted 24 May 2013 - 07:35 AM

In my Skype, contacts are getting random messages. Otherwise the PC is fine. I've checked msconfig. I've run anti-malware; it just picks up cookies. I've run CCleaner.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:00, on 24/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Users\J\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\VodBurner\vodburner.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\VodBurner\vodburner.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
D:\Program Files (x86)\Postbox\postbox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\MixMeister Fusion\FusionDemo.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\J\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [diskperf.exe] C:\Users\J\AppData\Roaming\Corel\Painter 12\Default\Color Sets\choice.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: SolidWorks Background Downloader.lnk = ?
O8 - Extra context menu item: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Se&nd to OneNote - res://D:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Autodesk Simulation Moldflow MITSI 2014 Job Manager (mitsijm2014) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Solver for Flow Simulation 2013 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 13874 bytes
 

 




 


#2 nasdaq

  • Malware Response Team

Posted 27 May 2013 - 09:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

HijackThis doesn't handle Windows 7 well. In your case I need to see a final DDS Log.
You should remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Third party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.


#3 jjssj1

  • Topic Starter
  • Members

Posted 28 May 2013 - 01:11 PM

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 19:05:19
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : J - J-PC
# Boot Mode : Normal
# Running from : C:\Users\J\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\J\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\bti1tdln.default\prefs.js

C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\bti1tdln.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1886 octets] - [28/05/2013 19:04:02]
AdwCleaner[R2].txt - [1946 octets] - [28/05/2013 19:04:52]
AdwCleaner[S1].txt - [2005 octets] - [28/05/2013 19:05:19]

########## EOF - C:\AdwCleaner[S1].txt - [2065 octets] ##########
 

 

ComboFix 13-05-28.02 - J 28/05/2013  19:12:42.1.12 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.32708.29700 [GMT 1:00]
Running from: c:\users\J\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\J\AppData\Roaming\Corel\Painter 12\Default\Color Sets\choice.exe
c:\users\J\Desktop\Setup.exe
c:\windows\7Loader.TAG
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-28 to 2013-05-28  )))))))))))))))))))))))))))))))
.
.
2013-05-28 18:14 . 2013-05-28 18:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-28 11:16 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{613A383F-6B11-4DF7-B20E-CCBCC4D3E23E}\mpengine.dll
2013-05-26 19:51 . 2013-05-26 19:51    --------    d-----w-    c:\programdata\Alias
2013-05-26 14:46 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-24 21:21 . 2013-05-24 21:21    --------    d-----w-    c:\users\J\AppData\Roaming\TuneUp Software
2013-05-24 21:20 . 2013-05-28 18:14    --------    d-----w-    c:\programdata\MFAData
2013-05-24 21:20 . 2013-05-24 21:20    --------    d--h--w-    c:\programdata\Common Files
2013-05-24 21:20 . 2013-05-24 21:20    --------    d-----w-    c:\users\J\AppData\Local\MFAData
2013-05-23 14:33 . 2013-05-23 14:33    --------    d-----w-    c:\program files (x86)\VodBurner
2013-05-23 13:57 . 2013-05-09 08:58    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-23 13:49 . 2013-05-24 10:25    --------    d-----w-    c:\programdata\AVAST Software
2013-05-23 12:07 . 2013-05-23 12:07    --------    d-----w-    c:\program files (x86)\ESET
2013-05-22 10:08 . 2013-05-22 10:08    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{049C427C-E586-426C-B6DB-7BA587384144}\gapaengine.dll
2013-05-20 12:19 . 2013-05-20 12:19    --------    d-----w-    c:\programdata\Samsung
2013-05-18 17:11 . 2013-05-18 17:11    --------    d-----w-    c:\program files\SAMSUNG
2013-05-18 16:40 . 2013-05-24 21:12    --------    d-----w-    C:\Samsung Galaxy S3 ToolKit
2013-05-18 15:14 . 2013-05-20 12:10    --------    d-----w-    c:\users\J\AppData\Local\Samsung
2013-05-18 15:09 . 2013-04-18 18:08    4659712    ----a-w-    c:\windows\SysWow64\Redemption.dll
2013-05-18 15:08 . 2013-05-20 12:09    --------    d-----w-    c:\program files (x86)\Samsung
2013-05-17 00:12 . 2013-05-17 00:12    --------    d-----w-    c:\users\J\AppData\Roaming\SumatraPDF
2013-05-17 00:12 . 2013-05-17 00:12    --------    d-----w-    c:\program files (x86)\SumatraPDF
2013-05-16 22:03 . 2013-05-16 22:03    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-16 22:03 . 2013-05-16 22:03    --------    d-----w-    c:\program files\iTunes
2013-05-16 22:03 . 2013-05-16 22:03    --------    d-----w-    c:\program files\iPod
2013-05-14 13:16 . 2013-05-14 13:17    --------    d-----w-    C:\NST
2013-05-06 14:10 . 2013-05-06 14:10    --------    d-----w-    C:\wamp
2013-05-05 20:08 . 2013-05-05 20:08    --------    d-sh--w-    c:\users\J\AppData\Roaming\wyUpdate AU
2013-05-05 20:08 . 2013-05-05 20:08    --------    d-----w-    c:\users\J\AppData\Roaming\Molura
2013-05-05 20:08 . 2013-05-05 20:08    --------    d-----w-    c:\users\J\AppData\Local\Molura
2013-05-04 20:40 . 2013-05-04 20:40    --------    d-----w-    c:\users\J\AppData\Roaming\WTablet
2013-05-04 20:38 . 2013-05-04 20:38    35643638    ----a-w-    C:\pro635-3.exe
2013-05-01 12:38 . 2013-05-01 12:38    --------    d-----w-    c:\users\J\AppData\Roaming\AtomPark
2013-05-01 11:46 . 2013-05-01 11:46    --------    d-----w-    c:\users\J\AppData\Roaming\Maxprog
2013-04-30 14:48 . 2013-04-30 14:48    --------    d-----w-    c:\users\J\AppData\Roaming\com.aligmarketing.slf
2013-04-30 13:36 . 2013-04-30 13:38    --------    d-----w-    c:\users\J\AppData\Roaming\GSA Email Spider
2013-04-30 13:36 . 2009-05-06 09:14    319227    ----a-w-    c:\windows\SysWow64\libssl32.dll
2013-04-30 13:36 . 2009-05-06 09:14    1420110    ----a-w-    c:\windows\SysWow64\libeay32.dll
2013-04-30 08:31 . 2013-04-30 08:31    --------    d-----w-    c:\users\J\AppData\Roaming\CircuitWorks
2013-04-29 20:09 . 2013-04-29 20:09    --------    d-----w-    c:\program files\VCG
2013-04-29 19:46 . 2011-01-20 10:10    884736    ----a-w-    c:\windows\SKPUtils.exe
2013-04-29 19:46 . 2010-11-12 12:17    3457024    ----a-w-    c:\windows\SketchUpReader.dll
2013-04-29 19:46 . 2010-11-12 12:12    2359296    ----a-w-    c:\windows\xerces-c_2_6.dll
2013-04-29 19:46 . 2010-10-11 14:55    3100672    ----a-w-    c:\windows\DXLib80U.dll
2013-04-29 19:46 . 2010-10-11 10:43    278528    ----a-w-    c:\windows\SYCLicense_100811.dll
2013-04-29 19:46 . 2013-05-02 12:28    --------    d-----w-    c:\program files (x86)\SYCODE
2013-04-29 19:46 . 2011-01-20 09:20    917504    ----a-w-    c:\windows\SKPLib.dll
2013-04-29 19:46 . 2011-01-03 10:18    10846208    ----a-w-    c:\windows\DDLib.dll
2013-04-29 19:46 . 2010-10-11 14:00    528384    ----a-w-    c:\windows\SYCGUI.dll
2013-04-29 19:46 . 2010-10-11 13:59    3325952    ----a-w-    c:\windows\DXLib60.dll
2013-04-29 19:46 . 2010-10-11 13:59    5980160    ----a-w-    c:\windows\MeshLib.dll
2013-04-29 17:30 . 2013-04-29 17:30    --------    d-----w-    c:\users\J\AppData\Local\IsolatedStorage
2013-04-29 17:28 . 2013-05-02 12:19    --------    d-----w-    c:\users\J\AppData\Roaming\Geomagic
2013-04-29 17:28 . 2013-05-02 12:19    --------    d-----w-    c:\program files\Geomagic
2013-04-29 17:27 . 2013-04-29 17:27    --------    d-----w-    c:\users\J\AppData\Local\{D8249FC8-674F-449C-A216-BC27264526B5}
2013-04-29 15:27 . 2013-05-14 13:29    --------    d-----w-    c:\users\J\AppData\Roaming\HexChat
2013-04-29 15:22 . 2013-04-29 15:22    --------    d-----w-    c:\program files (x86)\xchat
2013-04-29 12:32 . 2013-04-29 12:33    --------    d-----w-    c:\windows\KJ
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 15:22 . 2013-03-20 00:51    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 15:22 . 2013-03-20 00:51    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-27 12:34 . 2013-04-27 12:34    97280    ------w-    C:\bootsect.exe
2013-04-27 00:40 . 2013-04-27 00:40    16896    ----a-w-    c:\windows\AsTaskSched.dll
2013-04-27 00:39 . 2013-04-27 00:39    28672    ----a-w-    c:\windows\SysWow64\AsIO.dll
2013-04-27 00:39 . 2013-04-27 00:39    13440    ----a-w-    c:\windows\SysWow64\drivers\AsIO.sys
2013-04-25 07:11 . 2013-04-25 07:11    388096    ----a-r-    c:\users\J\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 16:50 . 2013-04-24 16:50    887800    ----a-r-    c:\users\J\AppData\Roaming\Microsoft\Installer\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}\TweetDeck.exe
2013-04-24 08:22 . 2013-04-24 08:22    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-18 18:06 . 2013-04-18 18:06    974848    ----a-w-    c:\windows\SysWow64\cis-2.4.dll
2013-04-18 18:06 . 2013-04-18 18:06    81920    ----a-w-    c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-04-18 18:06 . 2013-04-18 18:06    65536    ----a-w-    c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-04-18 18:06 . 2013-04-18 18:06    57344    ----a-w-    c:\windows\SysWow64\MTXSYNCICON.dll
2013-04-18 18:06 . 2013-04-18 18:06    57344    ----a-w-    c:\windows\SysWow64\MK_Lyric.dll
2013-04-18 18:06 . 2013-04-18 18:06    57344    ----a-w-    c:\windows\SysWow64\issacapi_se-2.3.dll
2013-04-18 18:06 . 2013-04-18 18:06    569344    ----a-w-    c:\windows\SysWow64\muzdecode.ax
2013-04-18 18:06 . 2013-04-18 18:06    491520    ----a-w-    c:\windows\SysWow64\muzapp.dll
2013-04-18 18:06 . 2013-04-18 18:06    49152    ----a-w-    c:\windows\SysWow64\MaJGUILib.dll
2013-04-18 18:06 . 2013-04-18 18:06    45320    ----a-w-    c:\windows\SysWow64\MAMACExtract.dll
2013-04-18 18:06 . 2013-04-18 18:06    45056    ----a-w-    c:\windows\SysWow64\MaXMLProto.dll
2013-04-18 18:06 . 2013-04-18 18:06    45056    ----a-w-    c:\windows\SysWow64\MACXMLProto.dll
2013-04-18 18:06 . 2013-04-18 18:06    40960    ----a-w-    c:\windows\SysWow64\MTTELECHIP.dll
2013-04-18 18:06 . 2013-04-18 18:06    352256    ----a-w-    c:\windows\SysWow64\MSLUR71.dll
2013-04-18 18:06 . 2013-04-18 18:06    258048    ----a-w-    c:\windows\SysWow64\muzoggsp.ax
2013-04-18 18:06 . 2013-04-18 18:06    245760    ----a-w-    c:\windows\SysWow64\MSCLib.dll
2013-04-18 18:06 . 2013-04-18 18:06    24576    ----a-w-    c:\windows\SysWow64\MASetupCleaner.exe
2013-04-18 18:06 . 2013-04-18 18:06    200704    ----a-w-    c:\windows\SysWow64\muzwmts.dll
2013-04-18 18:06 . 2013-04-18 18:06    155648    ----a-w-    c:\windows\SysWow64\MSFLib.dll
2013-04-18 18:06 . 2013-04-18 18:06    143360    ----a-w-    c:\windows\SysWow64\3DAudio.ax
2013-04-18 18:06 . 2013-04-18 18:06    135168    ----a-w-    c:\windows\SysWow64\muzaf1.dll
2013-04-18 18:06 . 2013-04-18 18:06    131072    ----a-w-    c:\windows\SysWow64\muzmpgsp.ax
2013-04-18 18:06 . 2013-04-18 18:06    122880    ----a-w-    c:\windows\SysWow64\muzeffect.ax
2013-04-18 18:06 . 2013-04-18 18:06    118784    ----a-w-    c:\windows\SysWow64\MaDRM.dll
2013-04-18 18:06 . 2013-04-18 18:06    110592    ----a-w-    c:\windows\SysWow64\muzmp4sp.ax
2013-04-12 18:53 . 2013-04-12 18:53    46280    ----a-w-    c:\windows\system32\drivers\hssdrv6.sys
2013-04-12 14:45 . 2013-04-25 07:06    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:50 . 2013-04-01 13:14    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-04 04:35 . 2013-03-20 19:51    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-01 18:58 . 2013-03-20 00:27    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-03-29 22:11 . 2013-03-29 22:11    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-29 22:11 . 2013-03-29 22:11    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 22:11 . 2013-03-29 22:11    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-29 22:11 . 2013-03-29 22:11    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-29 22:11 . 2013-03-29 22:11    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-29 22:11 . 2013-03-29 22:11    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-29 22:11 . 2013-03-29 22:11    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 22:11 . 2013-03-29 22:11    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 22:11 . 2013-03-29 22:11    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-29 22:11 . 2013-03-29 22:11    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-29 22:11 . 2013-03-29 22:11    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-29 22:11 . 2013-03-29 22:11    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-29 22:11 . 2013-03-29 22:11    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-29 22:11 . 2013-03-29 22:11    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-29 22:11 . 2013-03-29 22:11    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-29 22:11 . 2013-03-29 22:11    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-29 22:11 . 2013-03-29 22:11    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-29 22:11 . 2013-03-29 22:11    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-29 22:11 . 2013-03-29 22:11    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-29 22:11 . 2013-03-29 22:11    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-29 22:11 . 2013-03-29 22:11    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-29 22:11 . 2013-03-29 22:11    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-29 22:11 . 2013-03-29 22:11    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-29 22:11 . 2013-03-29 22:11    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-29 22:11 . 2013-03-29 22:11    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-29 22:11 . 2013-03-29 22:11    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-29 22:11 . 2013-03-29 22:11    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-29 22:11 . 2013-03-29 22:11    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-29 22:11 . 2013-03-29 22:11    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-29 22:11 . 2013-03-29 22:11    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-29 22:11 . 2013-03-29 22:11    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-29 22:11 . 2013-03-29 22:11    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-29 22:11 . 2013-03-29 22:11    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-29 22:11 . 2013-03-29 22:11    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-29 22:11 . 2013-03-29 22:11    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-29 22:11 . 2013-03-29 22:11    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-29 22:11 . 2013-03-29 22:11    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-29 22:11 . 2013-03-29 22:11    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-29 22:11 . 2013-03-29 22:11    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-29 22:11 . 2013-03-29 22:11    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-29 22:11 . 2013-03-29 22:11    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-29 22:11 . 2013-03-29 22:11    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-29 22:11 . 2013-03-29 22:11    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-29 22:11 . 2013-03-29 22:11    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-29 22:11 . 2013-03-29 22:11    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-29 22:11 . 2013-03-29 22:11    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-29 22:11 . 2013-03-29 22:11    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 22:11 . 2013-03-29 22:11    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 22:11 . 2013-03-29 22:11    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-28 20:40 . 2013-03-28 20:40    2341928    ----a-w-    c:\windows\system32\SRACAVIControl.ocx
2013-03-28 12:00 . 2013-03-28 12:00    47944    ----a-w-    c:\windows\system32\AcSignIcon.dll
2013-03-28 12:00 . 2013-03-28 12:00    436552    ----a-w-    c:\windows\system32\AcSignOpt.exe
2013-03-28 12:00 . 2013-03-28 12:00    36168    ----a-w-    c:\windows\system32\AcSignExt.dll
2013-03-28 12:00 . 2013-03-28 12:00    2313544    ----a-w-    c:\windows\system32\styleman.cpl
2013-03-28 12:00 . 2013-03-28 12:00    2313544    ----a-w-    c:\windows\system32\plotman.cpl
2013-03-28 12:00 . 2013-03-28 12:00    17736    ----a-w-    c:\windows\system32\AcSignExtRes.dll
2013-03-21 21:37 . 2013-03-21 21:37    53248    ----a-r-    c:\users\J\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-03-21 09:55 . 2013-03-21 09:55    836544    ----a-w-    c:\windows\system32\tadefxapo264.dll
2013-03-21 09:55 . 2013-03-21 09:55    65944    ----a-w-    c:\windows\system32\tepeqapo64.dll
2013-03-21 09:55 . 2013-03-21 09:55    518896    ----a-w-    c:\windows\system32\SRSTSX64.dll
.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by J at 19:20:36 on 2013-05-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.32708.29672 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\J\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\sppsvc.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\J\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\J\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02D95823-530D-4742-8C41-19145F548238} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{3F465E0D-99B6-4DE9-BBB2-89590A3F54DA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\bti1tdln.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\J\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - ExtSQL: 2013-04-01 01:17; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\bti1tdln.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
.
---- FIREFOX POLICIES ----
FF - user.js:  -
FF - user.js: security.enable_tls - false
FF - user.js: network.http.accept-encoding -
FF - user.js: secnetwork.http.accept-encodingurity.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-19 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-4-12 46280]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-2-23 545576]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-4-12 390440]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2013-2-22 218248]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-5-4 613688]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-3-21 14320]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-22 42184]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-3-21 82416]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-3-20 15776]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2013-4-27 586880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-3-20 142120]
S3 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2013-3-28 77352]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-22 1471352]
S3 mitsijm2014;Autodesk Simulation Moldflow MITSI 2014 Job Manager;C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [2013-1-25 952608]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-4-27 31800]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Downloads\RealTemp_3.00-[Guru3D.com]\WinRing0x64.sys [2008-7-26 14544]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-7 239616]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-05-28 18:15:59    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{613A383F-6B11-4DF7-B20E-CCBCC4D3E23E}\offreg.dll
2013-05-28 18:15:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-28 18:12:16    98816    ----a-w-    C:\Windows\sed.exe
2013-05-28 18:12:16    256000    ----a-w-    C:\Windows\PEV.exe
2013-05-28 18:12:16    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-28 18:12:15    --------    d-----w-    C:\ComboFix
2013-05-28 11:16:32    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{613A383F-6B11-4DF7-B20E-CCBCC4D3E23E}\mpengine.dll
2013-05-26 19:51:04    --------    d-----w-    C:\ProgramData\Alias
2013-05-26 14:46:24    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-24 21:21:50    --------    d-----w-    C:\Users\J\AppData\Roaming\TuneUp Software
2013-05-24 21:20:41    --------    d--h--w-    C:\ProgramData\Common Files
2013-05-24 21:20:41    --------    d-----w-    C:\Users\J\AppData\Local\MFAData
2013-05-24 21:20:41    --------    d-----w-    C:\ProgramData\MFAData
2013-05-23 14:33:45    --------    d-----w-    C:\Program Files (x86)\VodBurner
2013-05-23 13:49:02    --------    d-----w-    C:\ProgramData\AVAST Software
2013-05-23 12:07:36    --------    d-----w-    C:\Program Files (x86)\ESET
2013-05-22 10:08:56    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{049C427C-E586-426C-B6DB-7BA587384144}\gapaengine.dll
2013-05-20 12:19:27    --------    d-----w-    C:\ProgramData\Samsung
2013-05-18 17:11:14    --------    d-----w-    C:\Program Files\SAMSUNG
2013-05-18 16:40:37    --------    d-----w-    C:\Samsung Galaxy S3 ToolKit
2013-05-18 15:14:33    --------    d-----w-    C:\Users\J\AppData\Local\Samsung
2013-05-18 15:09:27    4659712    ----a-w-    C:\Windows\SysWow64\Redemption.dll
2013-05-18 15:08:59    --------    d-----w-    C:\Program Files (x86)\Samsung
2013-05-17 00:12:54    --------    d-----w-    C:\Users\J\AppData\Roaming\SumatraPDF
2013-05-17 00:12:51    --------    d-----w-    C:\Program Files (x86)\SumatraPDF
2013-05-16 22:03:12    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-16 22:03:12    --------    d-----w-    C:\Program Files\iTunes
2013-05-16 22:03:12    --------    d-----w-    C:\Program Files\iPod
2013-05-14 13:16:40    --------    d-----w-    C:\NST
2013-05-06 14:10:01    --------    d-----w-    C:\wamp
2013-05-05 20:08:36    --------    d-sh--w-    C:\Users\J\AppData\Roaming\wyUpdate AU
2013-05-05 20:08:36    --------    d-----w-    C:\Users\J\AppData\Roaming\Molura
2013-05-05 20:08:23    --------    d-----w-    C:\Users\J\AppData\Local\Molura
2013-05-04 20:40:29    --------    d-----w-    C:\Users\J\AppData\Roaming\WTablet
2013-05-04 20:38:14    35643638    ----a-w-    C:\pro635-3.exe
2013-05-01 12:38:42    --------    d-----w-    C:\Users\J\AppData\Roaming\AtomPark
2013-05-01 11:46:39    --------    d-----w-    C:\Users\J\AppData\Roaming\Maxprog
2013-04-30 14:48:11    --------    d-----w-    C:\Users\J\AppData\Roaming\com.aligmarketing.slf
2013-04-30 13:36:14    319227    ----a-w-    C:\Windows\SysWow64\libssl32.dll
2013-04-30 13:36:14    1420110    ----a-w-    C:\Windows\SysWow64\libeay32.dll
2013-04-30 13:36:14    --------    d-----w-    C:\Users\J\AppData\Roaming\GSA Email Spider
2013-04-30 08:31:03    --------    d-----w-    C:\Users\J\AppData\Roaming\CircuitWorks
2013-04-29 20:09:42    --------    d-----w-    C:\Program Files\VCG
2013-04-29 19:46:52    884736    ----a-w-    C:\Windows\SKPUtils.exe
2013-04-29 19:46:52    3457024    ----a-w-    C:\Windows\SketchUpReader.dll
2013-04-29 19:46:52    3100672    ----a-w-    C:\Windows\DXLib80U.dll
2013-04-29 19:46:52    278528    ----a-w-    C:\Windows\SYCLicense_100811.dll
2013-04-29 19:46:52    2359296    ----a-w-    C:\Windows\xerces-c_2_6.dll
2013-04-29 19:46:51    917504    ----a-w-    C:\Windows\SKPLib.dll
2013-04-29 19:46:51    5980160    ----a-w-    C:\Windows\MeshLib.dll
2013-04-29 19:46:51    528384    ----a-w-    C:\Windows\SYCGUI.dll
2013-04-29 19:46:51    3325952    ----a-w-    C:\Windows\DXLib60.dll
2013-04-29 19:46:51    10846208    ----a-w-    C:\Windows\DDLib.dll
2013-04-29 19:46:51    --------    d-----w-    C:\Program Files (x86)\SYCODE
2013-04-29 17:30:29    --------    d-----w-    C:\Users\J\AppData\Local\IsolatedStorage
2013-04-29 17:28:47    --------    d-----w-    C:\Users\J\AppData\Roaming\Geomagic
2013-04-29 17:28:33    --------    d-----w-    C:\Program Files\Geomagic
2013-04-29 17:27:44    --------    d-----w-    C:\Users\J\AppData\Local\{D8249FC8-674F-449C-A216-BC27264526B5}
2013-04-29 15:27:22    --------    d-----w-    C:\Users\J\AppData\Roaming\HexChat
2013-04-29 15:22:46    --------    d-----w-    C:\Program Files (x86)\xchat
2013-04-29 12:33:12    405881    ----a-w-    C:\Windows\KJ.exe
2013-04-29 12:32:55    --------    d-----w-    C:\Windows\KJ
.
==================== Find3M  ====================
.
2013-05-14 15:22:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 15:22:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-27 12:34:23    97280    ------w-    C:\bootsect.exe
2013-04-27 00:40:19    16896    ----a-w-    C:\Windows\AsTaskSched.dll
2013-04-27 00:39:08    28672    ----a-w-    C:\Windows\SysWow64\AsIO.dll
2013-04-27 00:39:08    13440    ----a-w-    C:\Windows\SysWow64\drivers\AsIO.sys
2013-04-12 18:53:02    46280    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-04 13:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-04 04:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-28 20:40:02    2341928    ----a-w-    C:\Windows\System32\SRACAVIControl.ocx
2013-03-28 12:00:00    47944    ----a-w-    C:\Windows\System32\AcSignIcon.dll
2013-03-28 12:00:00    436552    ----a-w-    C:\Windows\System32\AcSignOpt.exe
2013-03-28 12:00:00    36168    ----a-w-    C:\Windows\System32\AcSignExt.dll
2013-03-28 12:00:00    2313544    ----a-w-    C:\Windows\System32\styleman.cpl
2013-03-28 12:00:00    2313544    ----a-w-    C:\Windows\System32\plotman.cpl
2013-03-28 12:00:00    17736    ----a-w-    C:\Windows\System32\AcSignExtRes.dll
2013-03-20 19:51:36    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-20 19:51:36    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-20 02:19:48    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-03-20 00:35:47    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-17 18:42:53    99520    ----a-w-    C:\Windows\System32\NicInstC.dll
2013-03-17 18:42:53    72360    ----a-w-    C:\Windows\System32\e1cmsg.dll
2013-03-17 18:42:53    523136    ----a-w-    C:\Windows\System32\PROUnstl.exe
2013-03-17 18:42:53    514736    ----a-w-    C:\Windows\System32\drivers\e1c62x64.sys
2013-03-17 18:42:53    36472    ----a-w-    C:\Windows\System32\NicCo36.dll
2013-03-17 18:42:48    316064    ----a-w-    C:\Windows\System32\PRONtObj.dll
2013-03-17 18:42:48    162984    ----a-w-    C:\Windows\System32\drivers\iANSW60e.sys
2013-03-01 03:36:04    3153408    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 19:20:40.65 ===============

 

.Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox 20.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)  (it is an ssd)
````````````````````End of Log``````````````````````
 

A few background programs failing, but otherwise I'll keep an eye on Skype


Edited by jjssj1, 28 May 2013 - 01:26 PM.


#4 nasdaq

  • Malware Response Team

Posted 29 May 2013 - 07:23 AM

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
===

A few background programs failing

Can you elaborate?

#5 nasdaq


Posted 04 June 2013 - 09:12 AM

Are you still with me?

#6 nasdaq


Posted 10 June 2013 - 07:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



