
Right click on files and folder runs a script/exe and then opens context menu


This topic is locked
14 replies to this topic

#1 jackcloe

jackcloe

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:33 PM

Posted 22 June 2013 - 09:13 AM

I was infected by a Ransom Virus a few weeks ago, but I cleaned it. It is possible that I was infected by some other viruses during that time. But currently my system is clean as per SuperAntiVirus, Hitman Pro, McAfee, ActiveScan from Panda and many other virus scanners/tools, including Rogue Killer, TDSS Killer etc.

Unfortunately, when I right click on a file or a folder on the desktop or in Explorer, I receive the following error msg.

---

There was a problem starting

c:\Users\Jack\AppData\temp\svqtdic\sbntppt\wow.dll

A dynamic link library (DLL) initialization routine failed.

---

and then the context menu opens.

I believe that this is a remnant of a virus. Interestingly, right clicking on the Desktop or on system folders like Libraries or Computer does not produce the error.

Earlier Hitman Pro had detected wow.dll as a trojan in the Windows\Temp\sbsbprt folder (not in the path mentioned in the error msg). When I tried to look in the Temp folder, I could not see the sbsbprt folder or wow.dll. I restarted in safe mode and shredded the Temp folder with McAfee, and then Hitman could not find wow.dll anymore.

I think that a virus changed the Right Click functionality (like in a game where right click fires a secondary weapon) by running a script/exe. I cannot find any help to reconfigure right click to its normal behaviour.

Any help will be greatly appreciated.

PS: HijackThis log file is attached herewith.

Attached Files
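The dialog quoted in this post is what Explorer shows when a context-menu handler is still registered in the registry but its DLL has already been removed (here by the AV tools): the shell tries to load the handler on every right-click, the load fails, and the menu is then drawn without it. Later in the thread the same orphan pattern appears in JRT's console output, where a registry value still names an executable under Temp that no longer exists. The following PowerShell script is an added triage example, not code from the original post or from any of the tools named in this thread. It lists the context-menu handler registrations Explorer consults for files and folders plus the Run/RunOnce startup values, resolves each to the file it would load, and flags entries whose file is missing or lives under a Temp directory. It only reads the registry and deletes nothing. The function names, the chosen key lists and the Temp-path pattern are assumptions of this example; the registry locations themselves are the standard Windows ones.

```powershell
# Added example, not code from the thread or from any tool named in it.
# Read-only triage for the "There was a problem starting <dll>" right-click symptom:
# resolve Explorer context-menu handlers and Run/RunOnce values to the files they
# load and flag entries whose file is missing or sits under a Temp directory.
# Assumes Windows 7 or later, PowerShell 2.0+, run as Administrator for HKLM access.

function Resolve-Clsid {
    # Map a {CLSID} to its in-process DLL, checking per-user, 64-bit and 32-bit registrations.
    param([string]$Clsid)
    $candidates = @(
        "HKCU:\Software\Classes\CLSID\$Clsid\InprocServer32",
        "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
        "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid\InprocServer32"
    )
    foreach ($k in $candidates) {
        $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if ($props -and $props.'(default)') {
            return [Environment]::ExpandEnvironmentVariables($props.'(default)'.Trim('"'))
        }
    }
    return $null
}

function Get-CommandTarget {
    # Extract the executable from a Run-key command line, quoted ("C:\a b\x.exe" /c) or not (C:\x.exe -s).
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cl, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cl -split ' ')[0]
}

function Get-TargetStatus {
    # Classify a resolved path: unresolved CLSID, missing file, Temp location, or ok.
    param([string]$Path)
    if (-not $Path) { return 'unresolved' }
    if ($Path -notmatch '\\') {
        # Bare file name: Windows searches the system directories for it.
        foreach ($dir in 'System32', 'SysWOW64') {
            if (Test-Path -LiteralPath (Join-Path $env:windir "$dir\$Path")) { return 'ok' }
        }
        return 'missing-file'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'missing-file' }
    # Matches AppData\Temp, AppData\Local\Temp and Windows\Temp (assumed pattern, case-insensitive).
    if ($Path -match '\\(AppData|Windows)\\(Local\\)?Temp\\') { return 'temp-location' }
    return 'ok'
}

# Handler keys Explorer consults when a file or folder is right-clicked (assumed list).
$menuKeys = @(
    'HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers',
    'HKCU:\Software\Classes\*\shellex\ContextMenuHandlers',
    'HKCU:\Software\Classes\Directory\shellex\ContextMenuHandlers'
)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$findings = @()
foreach ($key in $menuKeys) {
    foreach ($sub in @(Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue)) {
        $clsid = (Get-ItemProperty -LiteralPath $sub.PSPath).'(default)'
        if (-not $clsid) { $clsid = $sub.PSChildName }   # some subkeys are named by the GUID itself
        $dll = Resolve-Clsid $clsid
        $findings += New-Object PSObject -Property @{
            Source = $sub.PSPath -replace '^.*::', ''
            Entry  = $clsid
            Target = $dll
            Status = Get-TargetStatus $dll
        }
    }
}
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # skip provider metadata
        $target = Get-CommandTarget ([string]$p.Value)
        $findings += New-Object PSObject -Property @{
            Source = $key; Entry = $p.Name; Target = $target; Status = Get-TargetStatus $target
        }
    }
}

# Show only the suspicious rows; remove the filter to audit every entry.
$findings | Where-Object { $_.Status -ne 'ok' } |
    Select-Object Status, Source, Entry, Target | Format-Table -AutoSize -Wrap
```

An entry with Status `missing-file` whose Target sits under a user's AppData Temp path is the kind of orphan that produces the dialog quoted above; a `temp-location` entry whose file still exists is worth submitting to a scanner before anything else. Remediation is deleting the handler subkey or Run value, after taking a registry backup, since that is all the error dialog itself needs; legitimate handlers registered under Wow6432Node resolve to real files and report `ok`.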





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 25 June 2013 - 10:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

HijackThis doesn't handle Windows 7 well. In your case I need to see a final DDS Log.
You should remove HijackThis using the Add/Remove Programs list. Use the DDS tool from now on.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 jackcloe

jackcloe
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:33 PM

Posted 27 June 2013 - 04:59 PM

Thanks Nasdaq for your help.

Here are the results of AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 14:54:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jack - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk ( arg. : /helpcol ms-help://ms.vscc.v90 /LaunchNamedUrlTopic DefaultPage /usehelpsettings VisualStudio.9.0)
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Users\Jack\AppData\Local\PackageAware

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\Software\DownTango
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Jack\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2453 octets] - [26/06/2013 14:54:40]

########## EOF - C:\AdwCleaner[R1].txt - [2513 octets] ##########

Result of JRT:
The first run gave some errors, but at the same time my McAfee detected a virus in wow.dll and demanded a restart. So I restarted the computer. Then I reran JRT, thinking it would create another log file, but it overwrote the first log. The second log is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jack on Thu
06/27/2013 at 13:10:00.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/27/2013 at 13:16:16.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


When JRT was running, I noticed that it was showing some extra info in its DOS window, so I copied it, as below:


Press any key to continue . . .

Creating a registry backup
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
Checking Startup
Checking Modules
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
Checking Processes
Checking Services
Checking Files
Checking Folders
Checking Registry
Checking Internet Explorer
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
Clearing Event Viewer Logs
Checking Shortcuts

I went into the registry and cleared the source. Then subsequent runs of JRT displayed no additional msg.

DDS results are:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 1.7.0_09
Run by Jack at 13:22:23 on 2013-06-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2631 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://samsung.msn.com
uProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130610175220.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STICKY~1.LNK - C:\Windows\System32\StikyNot.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\25164675966696 : DHCPNameServer = 68.105.28.16 68.105.29.16
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\47F697F64716F536573747F6D65627 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\C6962627162797D21607 : DHCPNameServer = 198.207.222.99 10.1.200.3
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\D6C637075726C69636 : DHCPNameServer = 164.58.253.10 164.58.253.4
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130610175220.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned>
x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-8-4 340216]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2013-6-22 33800]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-12-8 13824]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-21 418376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-4 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-4 182752]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-2 3574624]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-4 70112]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-9 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-9 289280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-21 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-4 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-4 515968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 409192]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-10-5 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-21 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-2-11 137304]
S2 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-2-11 342104]
S3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2012-8-5 4608]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-1-26 1431888]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-9 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-4 106552]
S3 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2012-10-20 218608]
S3 MSOLAP$MSSQLSERVER2012;SQL Server Analysis Services (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [2012-10-20 72497640]
S3 MSSQL$MSSQLSERVER2012;SQL Server (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [2012-10-20 191976]
S3 MSSQL$SQLSERVERBID;SQL Server (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe [2008-8-11 57820696]
S3 MSSQLFDLauncher$MSSQLSERVER2012;SQL Full-text Filter Daemon Launcher (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-3-30 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-3-30 9584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456]
S3 ReportServer$MSSQLSERVER2012;SQL Server Reporting Services (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-10-20 2423792]
S3 ReportServer$SQLSERVERBID;SQL Server Reporting Services (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-7-10 2045464]
S3 SQLAgent$MSSQLSERVER2012;SQL Server Agent (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [2012-10-20 612848]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S3 SQLAgent$SQLSERVERBID;SQL Server Agent (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE [2008-8-11 430616]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-8-5 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\System32\drivers\RsFx0102.sys [2009-3-30 311640]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 RsFx0201;RsFx0201 Driver;C:\Windows\System32\drivers\RsFx0201.sys [2012-10-20 336880]
S4 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-12-8 166704]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2074-05-18 22:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-06-27 16:06:23 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-06-26 20:18:00 -------- d-----w- C:\Windows\ERUNT
2013-06-26 20:17:32 -------- d-----w- C:\JRT
2013-06-25 21:34:12 -------- d-----w- C:\Program Files\SystemRequirementsLab
2013-06-25 21:24:03 -------- d-----w- C:\ProgramData\Uniblue
2013-06-24 01:59:16 -------- d-----w- C:\Users\Jack\AppData\Roaming\gsak
2013-06-22 11:58:44 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2013-06-22 11:58:39 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-06-21 20:42:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-21 18:13:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-21 18:13:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 20:38:00 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2013-06-16 20:38:00 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-06-16 20:38:00 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2013-06-16 20:38:00 173568 ----a-w- C:\Windows\System32\xvid.ax
2013-06-16 20:38:00 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-06-16 20:37:59 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-06-16 20:37:58 -------- d-----w- C:\Program Files (x86)\Xvid
2013-06-13 23:00:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-13 23:00:10 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-13 23:00:09 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-13 23:00:08 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-13 23:00:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-13 23:00:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-13 23:00:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-13 23:00:06 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-13 23:00:05 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-13 23:00:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-13 22:59:26 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-13 22:59:25 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-13 22:58:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-13 22:58:53 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-13 22:58:52 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-13 22:58:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-13 22:58:50 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-13 22:58:49 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-13 22:58:49 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-11 23:41:11 61304 ----a-w- C:\Users\Jack\g2mdlhlpx.exe
2013-06-10 20:19:59 208216 ----a-w- C:\Windows\System32\drivers\83954579.sys
2013-06-02 15:24:16 -------- d-----w- C:\Program Files (x86)\Reliance Net Call
2013-05-28 22:07:19 -------- d-----w- C:\Users\Jack\AppData\Local\Thinstall
2013-05-28 21:40:52 -------- d-----w- C:\Users\Jack\AppData\Roaming\Wise Registry Cleaner
2013-05-28 21:40:29 -------- d-----w- C:\Program Files (x86)\Wise
2013-05-28 19:57:26 208216 ----a-w- C:\Windows\System32\drivers\92042079.sys
.
==================== Find3M ====================
.
2013-06-12 00:26:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:26:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 17:48:36 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:24:16.33 ===============
DDS attach.txt will be attached in other msg ...

SECURITY CHECK checkup.txt


Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300
Wise Registry Cleaner 7.71
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Java 7 Update 9
Java™ SE Development Kit 7 Update 3
Java SE Development Kit 7 Update 9
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````

Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


COMBOFIX Results:
ComboFix 13-06-25.01 - Jack 06/27/2013  16:24:07.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2361 [GMT -5:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\14DE.tmp
c:\programdata\Microsoft\Windows\DRM\1668.tmp
c:\programdata\Microsoft\Windows\DRM\5528.tmp
c:\programdata\Microsoft\Windows\DRM\C133.tmp
c:\programdata\Microsoft\Windows\DRM\FFA9.tmp
c:\users\Jack\AppData\Local\assembly\tmp
c:\users\Jack\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))
.
.
2074-05-18 22:44 . 2008-03-21 19:46         607296  ----a-w-                c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\SQLAgent$MSSQLSERVER2012\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\SQL Server Distributed Replay Controller\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\SQL Server Distributed Replay Client\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\ReportServer$MSSQLSERVER2012\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MSSQLFDLauncher$MSSQLSERVER2012\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MSSQL$MSSQLSERVER2012\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MSOLAP$MSSQLSERVER2012\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MsDtsServer110\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\DefaultAppPool\AppData\Local\temp
2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\Default\AppData\Local\temp
2013-06-27 16:06 . 2013-06-27 16:06         --------   d-----w-                c:\program files (x86)\VS Revo Group
2013-06-26 20:18 . 2013-06-26 20:18         --------   d-----w-                c:\windows\ERUNT
2013-06-26 20:17 . 2013-06-27 18:09         --------   d-----w-                C:\JRT
2013-06-25 21:34 . 2013-06-25 21:34         --------   d-----w-                c:\program files\SystemRequirementsLab
2013-06-25 21:24 . 2013-06-25 21:24         --------   d-----w-                c:\programdata\Uniblue
2013-06-24 01:59 . 2013-06-24 02:05         --------   d-----w-                c:\users\Jack\AppData\Roaming\gsak
2013-06-22 11:58 . 2009-06-30 15:37         33800    ----a-w-                c:\windows\system32\drivers\pavboot64.sys
2013-06-22 11:58 . 2013-06-22 11:58         --------   d-----w-                c:\program files (x86)\Panda Security
2013-06-21 20:42 . 2013-06-21 20:42         --------   d-----w-                c:\programdata\SUPERAntiSpyware.com
2013-06-21 18:13 . 2013-06-21 18:23         --------   d-----w-                c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-21 18:13 . 2013-04-04 19:50         25928    ----a-w-                c:\windows\system32\drivers\mbam.sys
2013-06-16 20:38 . 2011-05-30 13:42         255488  ----a-w-                c:\windows\system32\xvidvfw.dll
2013-06-16 20:38 . 2011-05-23 09:52         153088  ----a-w-                c:\windows\SysWow64\xvid.ax
2013-06-16 20:38 . 2011-05-23 07:49         173568  ----a-w-                c:\windows\system32\xvid.ax
2013-06-16 20:38 . 2011-05-23 07:46         645632  ----a-w-                c:\windows\SysWow64\xvidcore.dll
2013-06-16 20:38 . 2011-05-23 07:45         696832  ----a-w-                c:\windows\system32\xvidcore.dll
2013-06-16 20:37 . 2011-05-30 13:42         240640  ----a-w-                c:\windows\SysWow64\xvidvfw.dll
2013-06-16 20:37 . 2013-06-16 20:38         --------   d-----w-                c:\program files (x86)\Xvid
2013-06-13 23:00 . 2013-05-13 03:43         1192448                ----a-w-                c:\windows\system32\certutil.exe
2013-06-13 23:00 . 2013-05-13 03:08         903168  ----a-w-                c:\windows\SysWow64\certutil.exe
2013-06-13 23:00 . 2013-05-13 05:51         1464320                ----a-w-                c:\windows\system32\crypt32.dll
2013-06-13 23:00 . 2013-05-13 04:45         1160192                ----a-w-                c:\windows\SysWow64\crypt32.dll
2013-06-13 23:00 . 2013-05-13 05:51         184320  ----a-w-                c:\windows\system32\cryptsvc.dll
2013-06-13 23:00 . 2013-05-13 05:51         139776  ----a-w-                c:\windows\system32\cryptnet.dll
2013-06-13 23:00 . 2013-05-13 04:45         103936  ----a-w-                c:\windows\SysWow64\cryptnet.dll
2013-06-13 23:00 . 2013-05-13 04:45         140288  ----a-w-                c:\windows\SysWow64\cryptsvc.dll
2013-06-13 23:00 . 2013-05-13 05:50         52224    ----a-w-                c:\windows\system32\certenc.dll
2013-06-13 23:00 . 2013-05-13 03:08         43008    ----a-w-                c:\windows\SysWow64\certenc.dll
2013-06-13 22:59 . 2013-05-10 05:49         30720    ----a-w-                c:\windows\system32\cryptdlg.dll
2013-06-13 22:59 . 2013-05-10 03:20         24576    ----a-w-                c:\windows\SysWow64\cryptdlg.dll
2013-06-13 22:58 . 2013-04-26 05:51         751104  ----a-w-                c:\windows\system32\win32spl.dll
2013-06-13 22:58 . 2013-04-26 04:55         492544  ----a-w-                c:\windows\SysWow64\win32spl.dll
2013-06-13 22:58 . 2013-05-08 06:39         1910632                ----a-w-                c:\windows\system32\drivers\tcpip.sys
2013-06-13 22:58 . 2013-04-17 06:24         1424384                ----a-w-                c:\windows\system32\WindowsCodecs.dll
2013-06-13 22:58 . 2013-04-17 07:02         1230336                ----a-w-                c:\windows\SysWow64\WindowsCodecs.dll
2013-06-13 22:58 . 2013-04-25 23:30         1505280                ----a-w-                c:\windows\SysWow64\d3d11.dll
2013-06-13 22:58 . 2013-03-31 22:52         1887232                ----a-w-                c:\windows\system32\d3d11.dll
2013-06-10 20:19 . 2013-06-10 20:19         208216  ----a-w-                c:\windows\system32\drivers\83954579.sys
2013-06-02 15:24 . 2013-06-23 20:59         --------   d-----w-                c:\program files (x86)\Reliance Net Call
2013-05-28 22:07 . 2013-05-28 22:07         --------   d-----w-                c:\users\Jack\AppData\Local\Thinstall
2013-05-28 21:40 . 2013-05-28 21:52         --------   d-----w-                c:\users\Jack\AppData\Roaming\Wise Registry Cleaner
2013-05-28 21:40 . 2013-05-28 21:40         --------   d-----w-                c:\program files (x86)\Wise
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 21:04 . 2012-08-04 22:26         75825640             ----a-w-                c:\windows\system32\MRT.exe
2013-06-12 00:26 . 2013-03-01 00:13         71048    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:26 . 2013-03-01 00:13         692104  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-28 19:57 . 2013-05-28 19:57         208216  ----a-w-                c:\windows\system32\drivers\92042079.sys
2013-05-20 14:55 . 2013-05-20 14:55         9728       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         9728       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         648192  ----a-w-                c:\windows\system32\d3d10level9.dll
2013-05-20 14:55 . 2013-05-20 14:55         604160  ----a-w-                c:\windows\SysWow64\d3d10level9.dll
2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         522752  ----a-w-                c:\windows\system32\XpsGdiConverter.dll
2013-05-20 14:55 . 2013-05-20 14:55         465920  ----a-w-                c:\windows\system32\WMPhoto.dll
2013-05-20 14:55 . 2013-05-20 14:55         417792  ----a-w-                c:\windows\SysWow64\WMPhoto.dll
2013-05-20 14:55 . 2013-05-20 14:55         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         4096       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         3928064                ----a-w-                c:\windows\system32\d2d1.dll
2013-05-20 14:55 . 2013-05-20 14:55         364544  ----a-w-                c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-20 14:55 . 2013-05-20 14:55         363008  ----a-w-                c:\windows\system32\dxgi.dll
2013-05-20 14:55 . 2013-05-20 14:55         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         3584       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         3419136                ----a-w-                c:\windows\SysWow64\d2d1.dll
2013-05-20 14:55 . 2013-05-20 14:55         333312  ----a-w-                c:\windows\system32\d3d10_1core.dll
2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         296960  ----a-w-                c:\windows\system32\d3d10core.dll
2013-05-20 14:55 . 2013-05-20 14:55         293376  ----a-w-                c:\windows\SysWow64\dxgi.dll
2013-05-20 14:55 . 2013-05-20 14:55         2776576                ----a-w-                c:\windows\system32\msmpeg2vdec.dll
2013-05-20 14:55 . 2013-05-20 14:55         2565120                ----a-w-                c:\windows\system32\d3d10warp.dll
2013-05-20 14:55 . 2013-05-20 14:55         2560       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         2560       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         249856  ----a-w-                c:\windows\SysWow64\d3d10_1core.dll
2013-05-20 14:55 . 2013-05-20 14:55         245248  ----a-w-                c:\windows\system32\WindowsCodecsExt.dll
2013-05-20 14:55 . 2013-05-20 14:55         2284544                ----a-w-                c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-20 14:55 . 2013-05-20 14:55         221184  ----a-w-                c:\windows\system32\UIAnimation.dll
2013-05-20 14:55 . 2013-05-20 14:55         220160  ----a-w-                c:\windows\SysWow64\d3d10core.dll
2013-05-20 14:55 . 2013-05-20 14:55         207872  ----a-w-                c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-20 14:55 . 2013-05-20 14:55         1988096                ----a-w-                c:\windows\SysWow64\d3d10warp.dll
2013-05-20 14:55 . 2013-05-20 14:55         194560  ----a-w-                c:\windows\system32\d3d10_1.dll
2013-05-20 14:55 . 2013-05-20 14:55         187392  ----a-w-                c:\windows\SysWow64\UIAnimation.dll
2013-05-20 14:55 . 2013-05-20 14:55         1682432                ----a-w-                c:\windows\system32\XpsPrint.dll
2013-05-20 14:55 . 2013-05-20 14:55         1643520                ----a-w-                c:\windows\system32\DWrite.dll
2013-05-20 14:55 . 2013-05-20 14:55         161792  ----a-w-                c:\windows\SysWow64\d3d10_1.dll
2013-05-20 14:55 . 2013-05-20 14:55         1247744                ----a-w-                c:\windows\SysWow64\DWrite.dll
2013-05-20 14:55 . 2013-05-20 14:55         1238528                ----a-w-                c:\windows\system32\d3d10.dll
2013-05-20 14:55 . 2013-05-20 14:55         1175552                ----a-w-                c:\windows\system32\FntCache.dll
2013-05-20 14:55 . 2013-05-20 14:55         1158144                ----a-w-                c:\windows\SysWow64\XpsPrint.dll
2013-05-20 14:55 . 2013-05-20 14:55         1080832                ----a-w-                c:\windows\SysWow64\d3d10.dll
2013-05-20 14:55 . 2013-05-20 14:55         10752    ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-20 14:55 . 2013-05-20 14:55         10752    ---ha-w-               c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-20 14:25 . 2012-12-18 23:37         501248  ----a-w-                c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-05-20 14:06 . 2012-11-13 21:44         199616  ----a-w-                c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2013-05-17 17:48 . 2013-05-17 17:48         564824  ----a-w-                c:\windows\system32\drivers\sptd.sys
2013-04-13 05:49 . 2013-05-20 13:39         135168  ----a-w-                c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-20 13:39         308736  ----a-w-                c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-20 13:39         111104  ----a-w-                c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 05:49 . 2013-05-20 13:39         350208  ----a-w-                c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 04:45 . 2013-05-20 13:39         474624  ----a-w-                c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-20 13:39         2176512                ----a-w-                c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-05-20 13:44         1656680                ----a-w-                c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-20 13:43         265064  ----a-w-                c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-20 13:43         983400  ----a-w-                c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-20 13:40         3153920                ----a-w-                c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2009-08-16 716800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sticky Notes.lnk - c:\windows\system32\StikyNot.exe [2009-7-13 427520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [x]
R2 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [x]
R3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [x]
R3 MSOLAP$MSSQLSERVER2012;SQL Server Analysis Services (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe;c:\program files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [x]
R3 MSSQL$MSSQLSERVER2012;SQL Server (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [x]
R3 MSSQL$SQLSERVERBID;SQL Server (SQLSERVERBID);c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe [x]
R3 MSSQLFDLauncher$MSSQLSERVER2012;SQL Full-text Filter Daemon Launcher (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [x]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ReportServer$MSSQLSERVER2012;SQL Server Reporting Services (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R3 ReportServer$SQLSERVERBID;SQL Server Reporting Services (SQLSERVERBID);c:\program files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R3 SQLAgent$MSSQLSERVER2012;SQL Server Agent (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [x]
R3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R3 SQLAgent$SQLSERVERBID;SQL Server Agent (SQLSERVERBID);c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ                w3svc was
apphost               REG_MULTI_SZ                apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 00:26]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1001Core.job
- c:\users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 15:17]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1001UA.job
- c:\users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 15:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-21 02:59              2328776                ----a-w-                c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-21 02:59              2328776                ----a-w-                c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-21 02:59              2328776                ----a-w-                c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:Tabs

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-17659264.sys

SafeBoot-24096745.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ReportServerSharePoint:Service]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-27  16:35:15

ComboFix-quarantined-files.txt  2013-06-27 21:35

.

Pre-Run: 60,849,704,960 bytes free

Post-Run: 60,539,305,984 bytes free

.

- - End Of File - - EBC43C4A5362022316471B7299DC1810

D41D8CD98F00B204E9800998ECF8427E

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.



#4 jackcloe

jackcloe
  • Topic Starter


Posted 27 June 2013 - 05:02 PM

Thanks, Nasdaq, for your help.


Here are the results of AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 14:54:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jack - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk ( arg. : /helpcol ms-help://ms.vscc.v90 /LaunchNamedUrlTopic DefaultPage /usehelpsettings VisualStudio.9.0)
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Users\Jack\AppData\Local\PackageAware

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\Software\DownTango
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Jack\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2453 octets] - [26/06/2013 14:54:40]

########## EOF - C:\AdwCleaner[R1].txt - [2513 octets] ##########

Result of JRT :
The first run gave some errors, but at the same time my McAfee detected a virus in wow.dll and demanded a restart, so I restarted the computer. Then I reran JRT, thinking it would create another log file, but it overwrote the first log. The second log is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jack on Thu
06/27/2013 at 13:10:00.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/27/2013 at 13:16:16.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


When JRT was running, I noticed that it was showing some extra info in its DOS window, so I copied that, which is as under:


Press any key to continue . . .

Creating a registry backup
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
Checking Startup
Checking Modules
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
Checking Processes
Checking Services
Checking Files
Checking Folders
Checking Registry
Checking Internet Explorer
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
'"C:\Users\Jack\AppData\Local\Temp\gweqxmksrrswrqrxt.exe"' is not recognized
as an internal or external command,
operable program or batch file.
Clearing Event Viewer Logs
Checking Shortcuts

I went into the registry and cleared the source. Subsequent runs of JRT then displayed no additional messages.

DDS results are:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 1.7.0_09
Run by Jack at 13:22:23 on 2013-06-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2631 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://samsung.msn.com
uProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130610175220.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STICKY~1.LNK - C:\Windows\System32\StikyNot.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\25164675966696 : DHCPNameServer = 68.105.28.16 68.105.29.16
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\47F697F64716F536573747F6D65627 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\C6962627162797D21607 : DHCPNameServer = 198.207.222.99 10.1.200.3
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\D6C637075726C69636 : DHCPNameServer = 164.58.253.10 164.58.253.4
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130610175220.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned>
x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-8-4 340216]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2013-6-22 33800]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-12-8 13824]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-21 418376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-9 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-4 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-4 182752]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-2 3574624]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-4 70112]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-9 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-9 289280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-21 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-4 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-4 515968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 409192]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-10-5 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-21 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-2-11 137304]
S2 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-2-11 342104]
S3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2012-8-5 4608]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-1-26 1431888]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-9 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-4 106552]
S3 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2012-10-20 218608]
S3 MSOLAP$MSSQLSERVER2012;SQL Server Analysis Services (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [2012-10-20 72497640]
S3 MSSQL$MSSQLSERVER2012;SQL Server (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [2012-10-20 191976]
S3 MSSQL$SQLSERVERBID;SQL Server (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe [2008-8-11 57820696]
S3 MSSQLFDLauncher$MSSQLSERVER2012;SQL Full-text Filter Daemon Launcher (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-3-30 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-3-30 9584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456]
S3 ReportServer$MSSQLSERVER2012;SQL Server Reporting Services (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-10-20 2423792]
S3 ReportServer$SQLSERVERBID;SQL Server Reporting Services (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-7-10 2045464]
S3 SQLAgent$MSSQLSERVER2012;SQL Server Agent (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [2012-10-20 612848]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S3 SQLAgent$SQLSERVERBID;SQL Server Agent (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE [2008-8-11 430616]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-8-5 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\System32\drivers\RsFx0102.sys [2009-3-30 311640]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 RsFx0201;RsFx0201 Driver;C:\Windows\System32\drivers\RsFx0201.sys [2012-10-20 336880]
S4 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-12-8 166704]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2074-05-18 22:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-06-27 16:06:23 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-06-26 20:18:00 -------- d-----w- C:\Windows\ERUNT
2013-06-26 20:17:32 -------- d-----w- C:\JRT
2013-06-25 21:34:12 -------- d-----w- C:\Program Files\SystemRequirementsLab
2013-06-25 21:24:03 -------- d-----w- C:\ProgramData\Uniblue
2013-06-24 01:59:16 -------- d-----w- C:\Users\Jack\AppData\Roaming\gsak
2013-06-22 11:58:44 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2013-06-22 11:58:39 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-06-21 20:42:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-21 18:13:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-21 18:13:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 20:38:00 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2013-06-16 20:38:00 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-06-16 20:38:00 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2013-06-16 20:38:00 173568 ----a-w- C:\Windows\System32\xvid.ax
2013-06-16 20:38:00 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-06-16 20:37:59 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-06-16 20:37:58 -------- d-----w- C:\Program Files (x86)\Xvid
2013-06-13 23:00:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-13 23:00:10 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-13 23:00:09 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-13 23:00:08 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-13 23:00:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-13 23:00:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-13 23:00:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-13 23:00:06 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-13 23:00:05 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-13 23:00:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-13 22:59:26 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-13 22:59:25 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-13 22:58:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-13 22:58:53 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-13 22:58:52 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-13 22:58:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-13 22:58:50 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-13 22:58:49 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-13 22:58:49 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-11 23:41:11 61304 ----a-w- C:\Users\Jack\g2mdlhlpx.exe
2013-06-10 20:19:59 208216 ----a-w- C:\Windows\System32\drivers\83954579.sys
2013-06-02 15:24:16 -------- d-----w- C:\Program Files (x86)\Reliance Net Call
2013-05-28 22:07:19 -------- d-----w- C:\Users\Jack\AppData\Local\Thinstall
2013-05-28 21:40:52 -------- d-----w- C:\Users\Jack\AppData\Roaming\Wise Registry Cleaner
2013-05-28 21:40:29 -------- d-----w- C:\Program Files (x86)\Wise
2013-05-28 19:57:26 208216 ----a-w- C:\Windows\System32\drivers\92042079.sys
.
==================== Find3M ====================
.
2013-06-12 00:26:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:26:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 17:48:36 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:24:16.33 ===============
DDS attach.txt is attached herewith (attach.txt, 20.68KB).

SECURITY CHECK checkup.txt


Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300
Wise Registry Cleaner 7.71
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Java 7 Update 9
Java™ SE Development Kit 7 Update 3
Java SE Development Kit 7 Update 9
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````

Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
COMBOFIX Results:
ComboFix 13-06-25.01 - Jack 06/27/2013  16:24:07.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2361 [GMT -5:00]

Running from: c:\users\Jack\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\14DE.tmp

c:\programdata\Microsoft\Windows\DRM\1668.tmp

c:\programdata\Microsoft\Windows\DRM\5528.tmp

c:\programdata\Microsoft\Windows\DRM\C133.tmp

c:\programdata\Microsoft\Windows\DRM\FFA9.tmp

c:\users\Jack\AppData\Local\assembly\tmp

c:\users\Jack\g2mdlhlpx.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))

.

.

2074-05-18 22:44 . 2008-03-21 19:46         607296  ----a-w-                c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\SQLAgent$MSSQLSERVER2012\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\SQL Server Distributed Replay Controller\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\SQL Server Distributed Replay Client\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\ReportServer$MSSQLSERVER2012\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MSSQLFDLauncher$MSSQLSERVER2012\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MSSQL$MSSQLSERVER2012\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MSOLAP$MSSQLSERVER2012\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\MsDtsServer110\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\DefaultAppPool\AppData\Local\temp

2013-06-27 21:31 . 2013-06-27 21:31         --------   d-----w-                c:\users\Default\AppData\Local\temp

2013-06-27 16:06 . 2013-06-27 16:06         --------   d-----w-                c:\program files (x86)\VS Revo Group

2013-06-26 20:18 . 2013-06-26 20:18         --------   d-----w-                c:\windows\ERUNT

2013-06-26 20:17 . 2013-06-27 18:09         --------   d-----w-                C:\JRT

2013-06-25 21:34 . 2013-06-25 21:34         --------   d-----w-                c:\program files\SystemRequirementsLab

2013-06-25 21:24 . 2013-06-25 21:24         --------   d-----w-                c:\programdata\Uniblue

2013-06-24 01:59 . 2013-06-24 02:05         --------   d-----w-                c:\users\Jack\AppData\Roaming\gsak

2013-06-22 11:58 . 2009-06-30 15:37         33800    ----a-w-                c:\windows\system32\drivers\pavboot64.sys

2013-06-22 11:58 . 2013-06-22 11:58         --------   d-----w-                c:\program files (x86)\Panda Security

2013-06-21 20:42 . 2013-06-21 20:42         --------   d-----w-                c:\programdata\SUPERAntiSpyware.com

2013-06-21 18:13 . 2013-06-21 18:23         --------   d-----w-                c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-21 18:13 . 2013-04-04 19:50         25928    ----a-w-                c:\windows\system32\drivers\mbam.sys

2013-06-16 20:38 . 2011-05-30 13:42         255488  ----a-w-                c:\windows\system32\xvidvfw.dll

2013-06-16 20:38 . 2011-05-23 09:52         153088  ----a-w-                c:\windows\SysWow64\xvid.ax

2013-06-16 20:38 . 2011-05-23 07:49         173568  ----a-w-                c:\windows\system32\xvid.ax

2013-06-16 20:38 . 2011-05-23 07:46         645632  ----a-w-                c:\windows\SysWow64\xvidcore.dll

2013-06-16 20:38 . 2011-05-23 07:45         696832  ----a-w-                c:\windows\system32\xvidcore.dll

2013-06-16 20:37 . 2011-05-30 13:42         240640  ----a-w-                c:\windows\SysWow64\xvidvfw.dll

2013-06-16 20:37 . 2013-06-16 20:38         --------   d-----w-                c:\program files (x86)\Xvid

2013-06-13 23:00 . 2013-05-13 03:43         1192448                ----a-w-                c:\windows\system32\certutil.exe

2013-06-13 23:00 . 2013-05-13 03:08         903168  ----a-w-                c:\windows\SysWow64\certutil.exe

2013-06-13 23:00 . 2013-05-13 05:51         1464320                ----a-w-                c:\windows\system32\crypt32.dll

2013-06-13 23:00 . 2013-05-13 04:45         1160192                ----a-w-                c:\windows\SysWow64\crypt32.dll

2013-06-13 23:00 . 2013-05-13 05:51         184320  ----a-w-                c:\windows\system32\cryptsvc.dll

2013-06-13 23:00 . 2013-05-13 05:51         139776  ----a-w-                c:\windows\system32\cryptnet.dll

2013-06-13 23:00 . 2013-05-13 04:45         103936  ----a-w-                c:\windows\SysWow64\cryptnet.dll

2013-06-13 23:00 . 2013-05-13 04:45         140288  ----a-w-                c:\windows\SysWow64\cryptsvc.dll

2013-06-13 23:00 . 2013-05-13 05:50         52224    ----a-w-                c:\windows\system32\certenc.dll

2013-06-13 23:00 . 2013-05-13 03:08         43008    ----a-w-                c:\windows\SysWow64\certenc.dll

2013-06-13 22:59 . 2013-05-10 05:49         30720    ----a-w-                c:\windows\system32\cryptdlg.dll

2013-06-13 22:59 . 2013-05-10 03:20         24576    ----a-w-                c:\windows\SysWow64\cryptdlg.dll

2013-06-13 22:58 . 2013-04-26 05:51         751104  ----a-w-                c:\windows\system32\win32spl.dll

2013-06-13 22:58 . 2013-04-26 04:55         492544  ----a-w-                c:\windows\SysWow64\win32spl.dll

2013-06-13 22:58 . 2013-05-08 06:39         1910632                ----a-w-                c:\windows\system32\drivers\tcpip.sys

2013-06-13 22:58 . 2013-04-17 06:24         1424384                ----a-w-                c:\windows\system32\WindowsCodecs.dll

2013-06-13 22:58 . 2013-04-17 07:02         1230336                ----a-w-                c:\windows\SysWow64\WindowsCodecs.dll

2013-06-13 22:58 . 2013-04-25 23:30         1505280                ----a-w-                c:\windows\SysWow64\d3d11.dll

2013-06-13 22:58 . 2013-03-31 22:52         1887232                ----a-w-                c:\windows\system32\d3d11.dll

2013-06-10 20:19 . 2013-06-10 20:19         208216  ----a-w-                c:\windows\system32\drivers\83954579.sys

2013-06-02 15:24 . 2013-06-23 20:59         --------   d-----w-                c:\program files (x86)\Reliance Net Call

2013-05-28 22:07 . 2013-05-28 22:07         --------   d-----w-                c:\users\Jack\AppData\Local\Thinstall

2013-05-28 21:40 . 2013-05-28 21:52         --------   d-----w-                c:\users\Jack\AppData\Roaming\Wise Registry Cleaner

2013-05-28 21:40 . 2013-05-28 21:40         --------   d-----w-                c:\program files (x86)\Wise

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-25 21:04 . 2012-08-04 22:26         75825640             ----a-w-                c:\windows\system32\MRT.exe

2013-06-12 00:26 . 2013-03-01 00:13         71048    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 00:26 . 2013-03-01 00:13         692104  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-28 19:57 . 2013-05-28 19:57         208216  ----a-w-                c:\windows\system32\drivers\92042079.sys

2013-05-20 14:55 . 2013-05-20 14:55         9728       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         9728       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         648192  ----a-w-                c:\windows\system32\d3d10level9.dll

2013-05-20 14:55 . 2013-05-20 14:55         604160  ----a-w-                c:\windows\SysWow64\d3d10level9.dll

2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         5632       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         522752  ----a-w-                c:\windows\system32\XpsGdiConverter.dll

2013-05-20 14:55 . 2013-05-20 14:55         465920  ----a-w-                c:\windows\system32\WMPhoto.dll

2013-05-20 14:55 . 2013-05-20 14:55         417792  ----a-w-                c:\windows\SysWow64\WMPhoto.dll

2013-05-20 14:55 . 2013-05-20 14:55         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         4096       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         3928064                ----a-w-                c:\windows\system32\d2d1.dll

2013-05-20 14:55 . 2013-05-20 14:55         364544  ----a-w-                c:\windows\SysWow64\XpsGdiConverter.dll

2013-05-20 14:55 . 2013-05-20 14:55         363008  ----a-w-                c:\windows\system32\dxgi.dll

2013-05-20 14:55 . 2013-05-20 14:55         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         3584       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         3419136                ----a-w-                c:\windows\SysWow64\d2d1.dll

2013-05-20 14:55 . 2013-05-20 14:55         333312  ----a-w-                c:\windows\system32\d3d10_1core.dll

2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         3072       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         296960  ----a-w-                c:\windows\system32\d3d10core.dll

2013-05-20 14:55 . 2013-05-20 14:55         293376  ----a-w-                c:\windows\SysWow64\dxgi.dll

2013-05-20 14:55 . 2013-05-20 14:55         2776576                ----a-w-                c:\windows\system32\msmpeg2vdec.dll

2013-05-20 14:55 . 2013-05-20 14:55         2565120                ----a-w-                c:\windows\system32\d3d10warp.dll

2013-05-20 14:55 . 2013-05-20 14:55         2560       ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         2560       ---ha-w-               c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         249856  ----a-w-                c:\windows\SysWow64\d3d10_1core.dll

2013-05-20 14:55 . 2013-05-20 14:55         245248  ----a-w-                c:\windows\system32\WindowsCodecsExt.dll

2013-05-20 14:55 . 2013-05-20 14:55         2284544                ----a-w-                c:\windows\SysWow64\msmpeg2vdec.dll

2013-05-20 14:55 . 2013-05-20 14:55         221184  ----a-w-                c:\windows\system32\UIAnimation.dll

2013-05-20 14:55 . 2013-05-20 14:55         220160  ----a-w-                c:\windows\SysWow64\d3d10core.dll

2013-05-20 14:55 . 2013-05-20 14:55         207872  ----a-w-                c:\windows\SysWow64\WindowsCodecsExt.dll

2013-05-20 14:55 . 2013-05-20 14:55         1988096                ----a-w-                c:\windows\SysWow64\d3d10warp.dll

2013-05-20 14:55 . 2013-05-20 14:55         194560  ----a-w-                c:\windows\system32\d3d10_1.dll

2013-05-20 14:55 . 2013-05-20 14:55         187392  ----a-w-                c:\windows\SysWow64\UIAnimation.dll

2013-05-20 14:55 . 2013-05-20 14:55         1682432                ----a-w-                c:\windows\system32\XpsPrint.dll

2013-05-20 14:55 . 2013-05-20 14:55         1643520                ----a-w-                c:\windows\system32\DWrite.dll

2013-05-20 14:55 . 2013-05-20 14:55         161792  ----a-w-                c:\windows\SysWow64\d3d10_1.dll

2013-05-20 14:55 . 2013-05-20 14:55         1247744                ----a-w-                c:\windows\SysWow64\DWrite.dll

2013-05-20 14:55 . 2013-05-20 14:55         1238528                ----a-w-                c:\windows\system32\d3d10.dll

2013-05-20 14:55 . 2013-05-20 14:55         1175552                ----a-w-                c:\windows\system32\FntCache.dll

2013-05-20 14:55 . 2013-05-20 14:55         1158144                ----a-w-                c:\windows\SysWow64\XpsPrint.dll

2013-05-20 14:55 . 2013-05-20 14:55         1080832                ----a-w-                c:\windows\SysWow64\d3d10.dll

2013-05-20 14:55 . 2013-05-20 14:55         10752    ---ha-w-               c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-20 14:55 . 2013-05-20 14:55         10752    ---ha-w-               c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-20 14:25 . 2012-12-18 23:37         501248  ----a-w-                c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2013-05-20 14:06 . 2012-11-13 21:44         199616  ----a-w-                c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2013-05-17 17:48 . 2013-05-17 17:48         564824  ----a-w-                c:\windows\system32\drivers\sptd.sys

2013-04-13 05:49 . 2013-05-20 13:39         135168  ----a-w-                c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-20 13:39         308736  ----a-w-                c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-20 13:39         111104  ----a-w-                c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 05:49 . 2013-05-20 13:39         350208  ----a-w-                c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 04:45 . 2013-05-20 13:39         474624  ----a-w-                c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-20 13:39         2176512                ----a-w-                c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-05-20 13:44         1656680                ----a-w-                c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-20 13:43         265064  ----a-w-                c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-20 13:43         983400  ----a-w-                c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-20 13:40         3153920                ----a-w-                c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2009-08-16 716800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

.

c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Sticky Notes.lnk - c:\windows\system32\StikyNot.exe [2009-7-13 427520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [x]

R2 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [x]

R3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [x]

R3 MSOLAP$MSSQLSERVER2012;SQL Server Analysis Services (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe;c:\program files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [x]

R3 MSSQL$MSSQLSERVER2012;SQL Server (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [x]

R3 MSSQL$SQLSERVERBID;SQL Server (SQLSERVERBID);c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe [x]

R3 MSSQLFDLauncher$MSSQLSERVER2012;SQL Full-text Filter Daemon Launcher (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [x]

R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ReportServer$MSSQLSERVER2012;SQL Server Reporting Services (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]

R3 ReportServer$SQLSERVERBID;SQL Server Reporting Services (SQLSERVERBID);c:\program files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]

R3 SQLAgent$MSSQLSERVER2012;SQL Server Agent (MSSQLSERVER2012);c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [x]

R3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

R3 SQLAgent$SQLSERVERBID;SQL Server Agent (SQLSERVERBID);c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE [x]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]

R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]

R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]

R4 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs    REG_MULTI_SZ                w3svc was

apphost               REG_MULTI_SZ                apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 00:26]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1001Core.job

- c:\users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 15:17]

.

2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1688672369-560665978-2355779204-1001UA.job

- c:\users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 15:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-21 02:59              2328776                ----a-w-                c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-21 02:59              2328776                ----a-w-                c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-21 02:59              2328776                ----a-w-                c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:Tabs

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-17659264.sys

SafeBoot-24096745.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ReportServerSharePoint:Service]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-27  16:35:15

ComboFix-quarantined-files.txt  2013-06-27 21:35

.

Pre-Run: 60,849,704,960 bytes free

Post-Run: 60,539,305,984 bytes free

.

- - End Of File - - EBC43C4A5362022316471B7299DC1810

D41D8CD98F00B204E9800998ECF8427E


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.




#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 28 June 2013 - 08:02 AM


Just want to make sure you have deleted the item found by AdwCleaner
Both logs submitted are the scan product.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 9

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

p.s.
Do you need both of these Development Kits?

Java™ SE Development Kit 7 Update 3
Java SE Development Kit 7 Update 9


Please let me know what problem persists.

#6 jackcloe

jackcloe
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:05:33 PM

Posted 30 June 2013 - 07:57 PM

Thanks again for your reply, Nasdaq.

I deleted what was found by AdwCleaner and also removed old versions of Java. But the problem persisted. Then, accidentally, I found a solution at:

http://weirdwindowsfixes.blogspot.in/

The culprit had created some Registry entries with key name/id:

{fbeb8a05-beee-4442-804e-409d6c4515e9}

I found every instance of this key/value and deleted them. I could not delete some, as they were installed by the TrustedInstaller group and Windows 7 System or Admin do not have any rights to modify or delete them.

When I restarted, the problem was gone, except that the error dialogue box was still opening once at the beginning.

Then I ran RogueKiller, which edited the entry, and the problem was gone. The log report is as under. Let me know if I have to delete something, because I didn't clear everything except what was related to the error:

RogueKiller Log:

 

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack [Admin rights]
Mode : Remove -- Date : 06/30/2013 14:19:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "C:\Users\Jack\AppData\Local\Temp\~DFB34~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DFFE2~1.TMP" "C:\Users\Jack\AppData\Local\Temp\FXSAPI~1.TXT" "C:\Users\Jack\AppData\Local\Temp\~DF0D0~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF1A9~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF07F~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF54B~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF949~1.TMP" "D:\Temp\TEMPOR~1\Low" [7][x][x][-][x][x][x][x][x][-]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-20\[...]\Run : Thinstall (rundll32 "C:\Users\Jack\AppData\Local\Macromedia\Thinstall\rhxknnh.dll",DllRegisterServer [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1688672369-560665978-2355779204-1001\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "C:\Users\Jack\AppData\Local\Temp\~DFB34~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DFFE2~1.TMP" "C:\Users\Jack\AppData\Local\Temp\FXSAPI~1.TXT" "C:\Users\Jack\AppData\Local\Temp\~DF0D0~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF1A9~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF07F~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF54B~1.TMP" "C:\Users\Jack\AppData\Local\Temp\~DF949~1.TMP" "D:\Temp\TEMPOR~1\Low" [7][x][x][-][x][x][x][x][x][-]) -> NOT SELECTED
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (C:\Users\Jack\AppData\Local\Temp\svqtdic\sbntppt\wow64.dll [-]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 9e8ff156fbebdbf7a6002a415c9d540e
[BSP] 806b902c9abdbcaff924074ad35b82bc : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 184320 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 377694208 | Size: 274942 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 940775424 | Size: 17575 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06302013_141950.txt >>
RKreport[0]_S_06302013_141658.txt
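
The remnant described in this post is a shell extension whose CLSID resolved, through its InprocServer32 key, to a DLL that no longer existed under AppData\Local\Temp, which is exactly what produces the "DLL initialization routine failed" dialog on every right-click until the entry is repointed or removed. The read-only PowerShell audit below is an added example (not from this thread, RogueKiller or ComboFix): it walks the standard shellex ContextMenuHandlers keys Explorer consults for files and folders, resolves each handler CLSID to its DLL in both hives and the Wow6432Node view, and flags missing DLLs, Temp/AppData paths and per-user (HKCU) class registrations. No identifiers from this machine are hardcoded; the key paths are the standard Windows locations.

```powershell
# Added audit script (assumed defender-side tooling, not part of this thread or of
# RogueKiller/ComboFix). It enumerates the shell extension handlers Explorer loads on
# right-click, resolves each CLSID to its InprocServer32 DLL, and reports the patterns
# seen in this thread: a handler DLL that is missing on disk or that lives under a
# user-writable Temp/AppData path. It is read-only and changes nothing in the registry.

$handlerRoots = @(
    'SOFTWARE\Classes\*\shellex\ContextMenuHandlers',
    'SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers',
    'SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers',
    'SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers',
    'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers'
)

# Per-user class registrations (HKCU) take precedence over machine-wide ones for
# non-elevated processes such as Explorer, so both hives are checked and reported.
$hives = @('HKCU:', 'HKLM:')

function Get-DefaultValue {
    # Returns the key's default value, or $null if the key or value is absent.
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.'(default)'
}

function Resolve-InprocServer {
    # Looks the CLSID up in both hives and in the 32-bit (Wow6432Node) view and
    # returns the first InprocServer32 path found together with the key it came from.
    param([string]$Clsid)
    foreach ($hive in $hives) {
        foreach ($view in @('SOFTWARE\Classes\CLSID', 'SOFTWARE\Classes\Wow6432Node\CLSID')) {
            $key = "$hive\$view\$Clsid\InprocServer32"
            $raw = Get-DefaultValue $key
            if ($raw) {
                $path = [Environment]::ExpandEnvironmentVariables(([string]$raw).Trim('"'))
                return [pscustomobject]@{ Source = $key; Dll = $path }
            }
        }
    }
    return $null
}

function Test-SuspiciousHandler {
    # Returns the list of reasons a handler deserves a human look (empty if none).
    param([string]$Dll, [string]$Source)
    $reasons = @()
    if (-not $Dll) { $reasons += 'no InprocServer32 registered' }
    elseif (-not (Test-Path -LiteralPath $Dll)) { $reasons += 'DLL missing on disk' }
    if ($Dll -match '\\(Temp|AppData)\\') { $reasons += 'DLL under user-writable Temp/AppData path' }
    if ($Source -like 'HKCU:*') { $reasons += 'per-user CLSID registration' }
    return $reasons
}

$results = foreach ($hive in $hives) {
    foreach ($root in $handlerRoots) {
        $rootKey = "$hive\$root"
        # -LiteralPath keeps the '*' in 'Classes\*' from being treated as a wildcard.
        if (-not (Test-Path -LiteralPath $rootKey)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $rootKey -ErrorAction SilentlyContinue) {
            # The handler's CLSID is either the subkey's default value or the subkey name itself.
            $clsid = Get-DefaultValue $sub.PSPath
            if (-not ($clsid -match '^\{[0-9A-Fa-f-]{36}\}$')) { $clsid = $sub.PSChildName }
            $server  = Resolve-InprocServer $clsid
            $reasons = Test-SuspiciousHandler -Dll $server.Dll -Source $server.Source
            [pscustomobject]@{
                HandlerKey = "$rootKey\$($sub.PSChildName)"
                Clsid      = $clsid
                Dll        = $server.Dll
                Suspicious = ($reasons -join '; ')
            }
        }
    }
}

# Show only the entries that need review; drop the Where-Object to list every handler.
$results | Where-Object { $_.Suspicious } | Format-Table -AutoSize -Wrap
```

The same CLSID-to-DLL resolution applies to the other shellex handler categories Explorer loads, such as the ShellIconOverlayIdentifiers entries visible in the ComboFix log above; a flagged entry should be checked against the vendor's install before anything is removed.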



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 01 July 2013 - 07:48 AM

That was a good catch.

You should run the RogueKiller tool and remove these registry entries.

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED



"When I restarted, the problem was gone except that the error dialogue box was opening in the beginning only for once."

Please post a fresh DDS log for my review.

#8 jackcloe

jackcloe
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:05:33 PM

Posted 02 July 2013 - 01:38 PM

Thanks again for your kind help.

 

I ran RogueKiller and cleared the above mentioned registry entries.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 1.7.0_09
Run by Jack at 13:23:17 on 2013-07-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2813 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://samsung.msn.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130610175220.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STICKY~1.LNK - C:\Windows\System32\StikyNot.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\25164675966696 : DHCPNameServer = 68.105.28.16 68.105.29.16
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\47F697F64716F536573747F6D65627 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\C6962627162797D21607 : DHCPNameServer = 198.207.222.99 10.1.200.3
TCP: Interfaces\{CDB8D1C0-A511-4F97-9117-532153220313}\D6C637075726C69636 : DHCPNameServer = 164.58.253.10 164.58.253.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130610175220.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned>
x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-8-4 340216]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-12-8 13824]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-4-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-2 418376]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-4 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-4 182752]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-2 4150112]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-9 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-9 289280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-21 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-4 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-4 515968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 409192]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-10-5 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-2 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-2-11 137304]
S2 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-2-11 342104]
S3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2012-8-5 4608]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-4 70112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-1-26 1431888]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-4 106552]
S3 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2012-10-20 218608]
S3 MSOLAP$MSSQLSERVER2012;SQL Server Analysis Services (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSAS11.MSSQLSERVER2012\OLAP\bin\msmdsrv.exe [2012-10-20 72497640]
S3 MSSQL$MSSQLSERVER2012;SQL Server (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\sqlservr.exe [2012-10-20 191976]
S3 MSSQL$SQLSERVERBID;SQL Server (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\sqlservr.exe [2008-8-11 57820696]
S3 MSSQLFDLauncher$MSSQLSERVER2012;SQL Full-text Filter Daemon Launcher (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-3-30 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-3-30 9584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456]
S3 ReportServer$MSSQLSERVER2012;SQL Server Reporting Services (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSRS11.MSSQLSERVER2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-10-20 2423792]
S3 ReportServer$SQLSERVERBID;SQL Server Reporting Services (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSRS10.SQLSERVERBID\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-7-10 2045464]
S3 SQLAgent$MSSQLSERVER2012;SQL Server Agent (MSSQLSERVER2012);C:\Program Files\Microsoft SQL Server\2012\MSSQL11.MSSQLSERVER2012\MSSQL\Binn\SQLAGENT.EXE [2012-10-20 612848]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S3 SQLAgent$SQLSERVERBID;SQL Server Agent (SQLSERVERBID);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVERBID\MSSQL\Binn\SQLAGENT.EXE [2008-8-11 430616]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-8-5 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-24 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\System32\drivers\RsFx0102.sys [2009-3-30 311640]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 RsFx0201;RsFx0201 Driver;C:\Windows\System32\drivers\RsFx0201.sys [2012-10-20 336880]
S4 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-12-8 166704]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2074-05-18 22:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-07-02 17:08:48 712264 ----a-w- C:\Windows\isRS-000.tmp
2013-07-02 16:33:30 -------- d-----w- C:\Users\Jack\AppData\Roaming\AVG2013
2013-07-02 16:32:59 -------- d-----w- C:\Users\Jack\AppData\Roaming\TuneUp Software
2013-07-02 16:31:01 -------- d--h--w- C:\$AVG
2013-07-02 16:31:01 -------- d-----w- C:\ProgramData\AVG2013
2013-07-02 16:30:08 -------- d-----w- C:\Program Files (x86)\AVG
2013-07-02 16:24:29 -------- d-----w- C:\Users\Jack\AppData\Local\MFAData
2013-07-02 16:24:29 -------- d-----w- C:\Users\Jack\AppData\Local\Avg2013
2013-07-02 16:24:29 -------- d-----w- C:\ProgramData\MFAData
2013-06-29 17:36:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-29 17:36:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-27 16:06:23 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-06-26 20:18:00 -------- d-----w- C:\Windows\ERUNT
2013-06-26 20:17:32 -------- d-----w- C:\JRT
2013-06-25 21:34:12 -------- d-----w- C:\Program Files\SystemRequirementsLab
2013-06-25 21:24:03 -------- d-----w- C:\ProgramData\Uniblue
2013-06-24 01:59:16 -------- d-----w- C:\Users\Jack\AppData\Roaming\gsak
2013-06-22 11:58:39 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-06-21 20:42:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-21 18:13:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-21 18:13:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 20:38:00 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2013-06-16 20:38:00 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-06-16 20:38:00 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2013-06-16 20:38:00 173568 ----a-w- C:\Windows\System32\xvid.ax
2013-06-16 20:38:00 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-06-16 20:37:59 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-06-16 20:37:58 -------- d-----w- C:\Program Files (x86)\Xvid
2013-06-13 23:00:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-13 23:00:10 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-13 23:00:09 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-13 23:00:08 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-13 23:00:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-13 23:00:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-13 23:00:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-13 23:00:06 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-13 23:00:05 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-13 23:00:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-13 22:59:26 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-13 22:59:25 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-13 22:58:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-13 22:58:53 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-13 22:58:52 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-13 22:58:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-13 22:58:50 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-13 22:58:49 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-13 22:58:49 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-11 23:41:11 61304 ----a-w- C:\Users\Jack\g2mdlhlpx.exe
2013-06-10 20:19:59 208216 ----a-w- C:\Windows\System32\drivers\83954579.sys
.
==================== Find3M  ====================
.
2013-06-12 00:26:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:26:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-28 19:57:26 208216 ----a-w- C:\Windows\System32\drivers\92042079.sys
2013-05-17 17:48:36 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:25:27.50 ===============
 

 

 

 

The DDS Attach.txt is attached herewith.

 

I have uninstalled McAfee and installed AVG. I am sure you will notice that in the logs.

 

I appreciate your time and help. Thank you very much.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 03 July 2013 - 06:33 AM

Looking good.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 jackcloe

jackcloe
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:33 PM

Posted 03 July 2013 - 11:30 AM

Thanks Nasdaq for all your help and time. I appreciate it.

 

Yesterday, I was doing something and AVG found an infection in wow.dll at exactly the same location as the one that was popping up in the warning dialogue box. I was surprised. AVG tried to remove it but it couldn't. Then I dug up my old XP BartPE CD and booted my computer. I could see the folder in the File Manager but could not see inside. I checked and I saw that it was created by TrustedInstaller. Fortunately, BartPE allowed me to change the ownership and by doing that using the Advanced option, I was able to delete the folder of wow.dll.

 

I am still confused because I could not see WOW.dll's folder in Windows Explorer but it was seen by BartPE. Are there any other hidden folders with viruses in the system? How do I dig those out? Is there any way to list all files and folders owned by TrustedInstaller?

 

As such, my system is working fine without any unexpected behavior, and as the virus scanners are not showing anything, I was confident that all traces were removed, but now I am rethinking. It seems I will have to format and reinstall my system. That will be the sure cure.



#11 jackcloe

jackcloe
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:33 PM

Posted 03 July 2013 - 11:34 AM

Addendum :

My BartPE is from XP 32-bit while the OS is Win7 64-bit. Then how come BartPE could show the hidden folder of wow.dll while Win7 couldn't?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 04 July 2013 - 06:40 AM

Any file or folder set with the Hidden attribute will not be shown.

You can see them all by changing the setting. Not recommended if this computer is used by many users. Your call.
This attribute protects against deleting a system file which is required by the system. Your call.
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/
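
One way to act on the Hidden-attribute point above and to answer the question in post #10 (listing hidden items together with their owner, e.g. TrustedInstaller), as an added PowerShell example that is not part of this thread or of any tool mentioned in it: it walks the user and system Temp folders with -Force so Hidden and System entries that Explorer hides by default are included, reports the NTFS owner of each, and flags loadable code (DLL, EXE, SYS) sitting in a Temp folder, which is where the wow.dll in this thread lived. The root list and the principal name 'NT SERVICE\TrustedInstaller' are assumptions; run it from an elevated prompt, and widen $Roots (for example to 'C:\') for a slower, whole-volume sweep.

```powershell
# Added example, not from the thread: list hidden files/folders under the Temp
# directories with their owner, and flag executable code found there.
# Roots and the principal name below are assumptions; adjust for your system.
$Roots = @($env:TEMP, "$env:WINDIR\Temp", "$env:LOCALAPPDATA\Temp") | Select-Object -Unique
$Owner = 'NT SERVICE\TrustedInstaller'   # assumed spelling of the owner of interest
$CodeExtensions = '.dll', '.exe', '.sys'

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force returns Hidden and System items; without it they are silently skipped,
    # which is exactly why the folder was invisible in Explorer.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
        ForEach-Object {
            # Get-Acl reports the NTFS owner; it fails on entries we cannot read,
            # so record that rather than aborting the sweep.
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path       = $_.FullName
                IsDir      = $_.PSIsContainer
                Attributes = $_.Attributes
                Owner      = if ($acl) { $acl.Owner } else { '<access denied>' }
                # Loadable code inside a Temp folder deserves a closer look.
                CodeInTemp = (-not $_.PSIsContainer) -and ($_.Extension -in $CodeExtensions)
            }
        }
}

# Report: everything hidden that is owned by the chosen principal, plus any
# hidden DLL/EXE/SYS regardless of owner. Review before deleting anything.
$results |
    Where-Object { $_.Owner -eq $Owner -or $_.CodeInTemp } |
    Sort-Object Path |
    Format-Table Path, Owner, Attributes, CodeInTemp -AutoSize

# Summary counts so an empty table is distinguishable from a failed scan.
"{0} hidden entries examined, {1} matched the owner filter, {2} are code files in Temp." -f `
    @($results).Count,
    @($results | Where-Object { $_.Owner -eq $Owner }).Count,
    @($results | Where-Object { $_.CodeInTemp }).Count
```

Entries that show up here are candidates for investigation, not automatic deletions: plenty of legitimate installers drop hidden working folders in Temp, so check the file's publisher and hash against a scanner before removing it, and take ownership (as the poster did from BartPE) only after confirming it is not something the system needs.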

#13 jackcloe

jackcloe
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:33 PM

Posted 04 July 2013 - 10:27 AM

I unhid all files. That way it will be easier to find and delete virus files. No more surprises.

 

Well, once again thanks for your time and help. I appreciate you and other volunteers who are happily providing this service. Kudos to you!

 

With warm regards,

Jack



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 04 July 2013 - 12:13 PM

Glad we could help.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 10 July 2013 - 09:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



